By now, you’ve probably heard of the “WannaCry” ransomware that has swept across the globe over a very short timespan. But in case you have no idea what I’m talking about, here’s the run-down:
Ransomware is a modern and particularly threatening phenomenon among computer viruses. When a user clicks a malicious link, their computer downloads a program that infects it and immediately starts encrypting files. Early versions only encrypted the infected computer, but it didn’t take long before adapted types of ransomware showed up, which would start with the initially infected computer and then move on to any other computers & devices on the network they could find, many times even including backup systems.
Once the files are encrypted, users are greeted with a message informing them that they must make a payment – usually in bitcoin – in order to get the encryption key that will decrypt their files. Your files are held for ransom, hence the name “ransomware.”
One of the biggest problems with ransomware is that, even if you pay the ransom, there is no guarantee that the hackers will actually give you the key to unlock your files, so you could end up paying the ransom and still be left with all of your files encrypted. There have been cases where paying the ransom did end with companies being able to decrypt their files, but there are others where they paid the ransom and never received any response with the decryption key.
What makes the WannaCry ransomware especially malignant is that it uses an NSA-developed exploit in the Windows operating system to access computers, and then reaches out to any other vulnerable computers on the network and infects them as well. At some point, this exploit was leaked from the NSA, and some hackers used it for this attack. And while Microsoft released a patch to fix the vulnerability back in March, apparently there are a LOT of computers out there that either haven’t been installing Windows updates for at least the past few months, or are running Windows operating systems that Microsoft no longer supports, like Windows XP (Microsoft ended support for XP in April 2014).
One of the biggest shocks to come out of this mess, beyond the fact that this ransomware spread across the globe virtually overnight, was its effect on Britain’s National Health Service (NHS). 16 hospitals were forced to divert emergency patients to other facilities, and reports indicate that around a whopping 90% of NHS computers are running the outdated Windows XP OS.
Running an unsupported operating system isn’t a good idea to begin with because, as annoying as OS updates can be, most of the time the purpose of an update is to fix security holes like the one that WannaCry exploits. Then there are people who turned Windows updates off and didn’t receive the patch when Microsoft pushed it out, and those who aren’t running any kind of antivirus software.
Since most modern computers are networked & connected to the Internet, having a network like NHS running an unsupported operating system, and apparently without an up-to-date firewall & antivirus system that could have stopped something like this, is particularly egregious. Sometimes there are legacy systems that won’t run on newer operating systems, and upgrading can be particularly painful and expensive.
But, as an IT director at a company that works with sensitive data on a daily basis, I know for a fact that updating legacy systems and maintaining network security, while painful at times, is worth it. When Microsoft announced that they would be ending support for Windows XP, we immediately began planning to phase out the few remaining workstations we had running XP, because we understood the risks to our organization of running essential operations with unsupported operating systems. For the British government to be running the majority of its healthcare system with vulnerable technology is absolutely inexcusable. And while they are likely still in chaos over this attack today, at some point they should just be thankful that their systems were encrypted in-place, and that the hackers didn’t steal all of the patient data that flows through those systems, like what happened with US Government employee data when the Office of Personnel Management was breached back in 2015.
Government bureaucracies are notoriously inert and slow to upgrade legacy systems. Remember that the next time someone tells you that the government should run our healthcare system.
Due to the scale of this attack and the speed with which it has spread, Microsoft has announced that it is releasing a patch for its unsupported operating systems, including Windows XP, 8, and Server 2003. No matter what OS you’re running, make sure it and your antivirus software (you are running antivirus software, right?) are fully updated.