WannaCry ransomware has hit more than 150 countries. According to stats released by leading security companies, more than 230,000 computers were affected by WannaCry ransomware. Microsoft was quick in releasing a security update for its latest Windows operating systems.
As we know, Microsoft has already ended support for Windows XP a few years ago and had asked XP users to upgrade to newer Windows operating systems. However, you may be surprised to learn that Windows XP is still being used by millions of users worldwide. In fact, according to Netmarketshare, it is 3rd most popular operating system in the world and Windows XP is still running on just over 7% of the world’s computers. Since Microsoft has stopped supporting Windows XP, it is most vulnerable to ransomware like Wannacry.
How WannaCry affects computers?
According to leading security blogs, the ransomware executes massive IP address scanning to find out vulnerable computers. After the system is infected with WannaCry, the malware encrypts the victim’s photos, documents, music, and the files remain inaccessible, until the victim pays the demanded ransom to get the decrypt key.
The WannaCry ransomware exploits Server Message Block vulnerability to load malware and compromise Windows machines. SMB is a transport protocol used by Windows operating systems for a variety of purposes including printer sharing, file sharing and accessing Windows Remote services. SMB works over TCP ports 445 and 139. In April 2017, Shadow Brokers hackers group had released information about SMB vulnerability named “Eternal Blue” which was part of Microsoft’s Security Bulletin – MS17-010.
Microsoft had already issued a patch to fix this vulnerability in March 2017. However, organizations and individuals running an older version of a Windows operating systems such as Windows XP and discontinued versions like Windows 8 were not able to apply this security patch. This made computers running Windows XP and Windows 8 more vulnerable. Looking at the large number of businesses and individuals affected by WannaCry, Microsoft made an exception to their policy by releasing a security patch to protect Windows XP users from ransomware. The security updates which addresses the file sharing bug is also available for older versions of Windows operating system including Windows XP, Windows 8 and Windows Server 2003.
The company has said the versions of MS17-010, a six-vulnerability fix offered to Windows 7 and Windows 10 users were also ready for Windows XP and some unsupported Windows Server products. The company further clarified the patches were kept ready looking at the potential impact the bug would have on customers and the security patch was ready to be distributed under Custom support. According to Microsoft’s policies, the company only offers security post retired assistance under Custom Support which is a pay-for-patches program for corporate customers.
Windows XP emergency patch not available through Windows Update maintenance services
Microsoft ended support for Windows XP in 2014. The KB4012598 update published last week which patches the SMB bug is the first patch offered to Windows XP users after three years. Microsoft offered the security patch to fix the SMB bug to Windows 7, Windows 8.1, and Windows 10 users through its regular Windows Update maintenance service. The company has mentioned corporate and individuals using unsupported versions of Windows operating systems need to download the emergency patch manually for their respective operating systems and server products from the Microsoft Update Catalog. The emergency patch is not being delivered through Windows update. Here are the links to download an emergency patch to keep your computer safe from WannaCry ransomware.
The emergency patch is available for free. Users are required to download the emergency patch to protect their computer from WannaCry ransomware. Microsoft has mentioned the decision to publish the security update for unsupported Windows operating systems and server products was made after assessing the situation. The company took this unusual decision to protect the overall customer ecosystem.
The company has also mentioned that WannaCry ransomware can infect your computer in other ways. Some cyber-attacks used phishing tactics with malicious attachments. Users are advised not to open files from unknown and untrusted sources. Microsoft has mentioned Windows 7, Windows 8.1 and Windows 10 users have already been offered the security update and the latest Windows Defender anti-virus definitions are also secured.
Countries most affected by WannaCry ransomware
UK, Spain, US, Russia, and China are the top 5 most affected countries by WannaCry ransomware. According to leading news agencies, 16 NHS health trusts in the UK, Interior Ministry of Russia, Telefonica in Spain, FedEx USA and Academic Institutes in China have been victims of the WannaCry attack.
Prior to the retirement of Windows XP, that is in early 2014, the UK government had contracted with Microsoft for one-year custom support for their XP machine at NHS. However, the UK government did not renew the contract which made XP machines at NHS trusts a soft target for recent cyber-attacks.
The ransomware attack has subsided and attackers behind the ransomware were only able to make $20,000. Though Microsoft published a security patch for Windows XP, not many XP users were at the receiving end of this cyber-attack. In fact, 98% of computers affected by ransomware were running some versions of Windows 7 and there was only one Windows XP in a thousand affected machines.
If your computer is infected by Ransomware, the first thing you need to do is stop it from spreading to other machines by isolating the infected machine from the network. The next step is downloading and applying an emergency patch.
The WannaCry attack could have been worse and the next attack could come anytime. Next time, the users may not be so lucky. The only way to protect your computer is to apply security patches in a timely manner and not use older unsupported versions of operating systems. As Microsoft’s blog makes it clear, vulnerable computer are not the only danger to themselves but they are a big risk to the entire world at large.