Do you know what WannaCrypt, a high-profile ransomware, is? When was the last time you thought about Windows XP? Probably quite a while ago. It is likely the same for Microsoft, as this version of Windows was retired long ago. However, new patches were released last weekend for Windows XP, Windows 8 and Windows Server 2003 because of the WannaCrypt attacks.
WannaCrypt is a high-profile ransomware that has already hit the NHS in the UK, causing chaos in hospitals. The UK government had contracted for one year of custom support in 2015 but did not renew this contract in 2015. This left machines still running Windows XP vulnerable and open to attack. It has been widely reported that machines running Windows XP were crucial to the spread of the WannaCrypt malware.
WannaCrypt infects other computers by finding vulnerable machines connected to public Wi-Fi as well as to local networks. Once installed, it encrypts the data on the computer and demands a sum of money (between $300 and $600 in Bitcoin) to release the files. Targeting exceptionally time-sensitive data, such as hospital services and banks, leaves the victims with little choice other than to pay up, as they cannot wait for a solution to be developed. That being said, security experts had advised waiting before paying, if at all possible, as they were working on a solution.
The initial spread of the ransomware was through email attachments and widespread phishing. The emails were fake bank emails concerning a money transfer, which caught out a surprisingly large number of people. Last week's attacks seem to have focused on Europe and Asia, and while the NHS is the most high-profile victim, it is Russia that seems to have been hit the hardest.
This is an unprecedented step from Microsoft, which has never before released security updates for retired software in this way. It is estimated that around 8% of all Windows PCs are still running Windows XP and 2% are still running Windows 8. It is likely that the news reports about the vulnerability of Windows XP and its part in helping WannaCrypt to spread influenced Microsoft's decision to release the patch.
The updates already existed: they are versions of MS17-010, the vulnerability fix that Microsoft delivered earlier this year to the versions of Windows not yet retired. For retired versions, this fix was only available to corporate customers who pay for patches as part of custom support, and it is this support that the NHS declined to renew. Microsoft was aware of the vulnerabilities addressed by MS17-010, which is why it released the fix in March. However, by neglecting to make an update available for retired versions, it left 10% of all Windows PCs vulnerable. It is an oversight that should not reoccur.
It is important to patch all systems: while WannaCrypt, a high-profile ransomware, may have been contained for now by security experts activating a kill switch, it is entirely possible that hackers are developing a new version of it. Unfortunately, the kill switch does nothing for systems that are already infected; it does not free them of the ransomware.