How Microsoft benefitted from WannaCry?
May 22, 2017 Posted / 1648 Views
The WannaCry ransomware that swept the globe on Friday has proven so malicious and dangerous that Microsoft has issued patches for Windows versions dating back as far as 14 years.
Late Friday, emergency security updates were released for Windows XP, Windows 8, and Windows Server 2003. Links to the updates can be found in Microsoft's announcement. WannaCry ransomware exploded over the weekend and spread like a worm to infect more than 200,000 systems across 150 countries around the world, according to Europol. In response, Microsoft took the emergency step to release patches for no longer supported versions of Windows.
Microsoft admitted the move was “highly unusual" because the three operating systems are no longer officially supported. XP support, for instance, ended more than three years ago.
The extent and severity of the WannaCry attack has been nearly unprecedented, hijacking systems from hospitals in the U.K. to phone operators in Spain. Systems across nearly 100 countries are known to have been affected so far. Though researchers have found a "kill switch" that seems to have hampered the software's spread, the attack is widely expected to continue in modified form.WannaCry, also known as WannaCrypt or Wanna Decryptor, is reportedly based on exploits developed by the U.S. National Security Agency before being stolen and leaked by a group called the Shadow Brokers in April. Up-to-date Windows 10 systems were already protected from the attack.
Microsoft says it decided to patch the outdated systems “with the principle of protecting our customer ecosystem overall, firmly in mind.” As with biological viruses, unprotected machines often become threats to other users as computer malware spreads, for instance by generating spam emails. While Microsoft is warning users to protect themselves against WannaCry by taking caution when opening email attachments, security firm Symantec warns that WannaCry is also spreading “within corporate networks, without user interaction.”
The WannaCry ransomware -- also known as Wanna Decryptor, WannaCrypt and WannaCryptor -- emerged on Friday and is based on the EternalBlue exploit of Windows Server Message Block (SMB) v1 found in a recent dump of NSA cyberweapons. Microsoft had released a patch for supported systems in the March 2017 Patch Tuesday updates with bulletin MS17-010.
However, the WannaCry infections spread fast among legacy systems, especially in healthcare organizations, and prompted Microsoft to take "the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8 and Windows Server 2003," according to a blog post from Friday.
Most experts, like Sanjay Raja, CMO at Lumeta, a cybersecurity company headquartered in Somerset, N.J., praised Microsoft for releasing MS17-010 patches for unsupported systems but said it may not help with unmanaged systems.
Jeremiah Grossman, director of security at SentinelOne, a cybersecurity company based in Palo Alto, Calif., said the legacy systems patches from Microsoft should "make a huge difference" in mitigating the WannaCry ransomware threat.
"Microsoft did us all a great service. Not only did they release an update when they technically didn't have to, and in record time, but apparently had the patch already developed and were well-prepared -- just in case something like this were to happen," Grossman told SearchSecurity. "Some organizations, for a variety of business and technical reasons are locked into using XP. So, now, having the option to patch in addition to disabling SMBv1 gives them much-needed options to protect themselves, which also gives them time to develop a more longer-term transition place."
Kasper Lindgaard, senior director of research and security at Flexera Software, a software licensing and compliance company based in Itasca, Ill., said Microsoft might actually be doing a disservice to its customers.
"If we look specifically at the current situation only, then Microsoft providing a patch is a good thing for those still running end-of-life versions of Windows," Lindgaard told SearchSecurity. "However, if we look at the bigger picture, then I believe that Microsoft is doing a disservice to customers, as it is now less likely that those remaining on these obsolete versions will actually upgrade. They can easily be thinking now, that Microsoft will bail them out if the situation is grave enough."
Applancer is an open platform for discussion on all things like Blockchain , Cryptocurrency and Ico news updates. As such, the opinions expressed in this article are the author's own and do not necessarily reflect the view of Applancer .
Hottest Blockchain Newsletter
For updates and exclusive offers, enter your e-mail below.