May 22, 2017 By Douglas Bonderud

The WannaCry ransomware remains a critical threat even after the discovery of a kill switch. Fraudsters are still looking for a workaround, while previously infected devices are reaching the end of their countdown — should they pay up or attempt to find another way out?

As noted by SecurityWeek, there are now reports that Microsoft withheld a critical patch that could have slowed the spread of this infection and limited its overall impact. While it’s tempting to throw stones at the technology giant, the outcome is symptomatic of the much larger problem of unpatched operating systems that offer easy access for malware-makers.

Patching Problems

Back in March, Microsoft detected a vulnerability in Windows code that paved the way for ransomware such as WannaCry. At the time, the company distributed a free security update for Windows 10 devices to patch the hole and limit the threat. But there was no such update for Windows XP, and users were forced to pay between $200 and $400 if they wanted the update. After the attack began, Microsoft released the patch for free and included all older versions. Understandably, backlash is now brewing online.

But that isn’t the whole story. Support for XP ended three years ago after 12 years of full support from the company. Businesses knew the risk of continuing to use unsupported software, and in so doing assumed the responsibility for either patching their own systems or paying for custom support.

It’s also worth noting that the number of XP devices infected by WannaCry is “insignificant” — 98 percent of all affected Windows computers were running Windows 7, according to The Verge. And guess what? Windows 7 was part of the free March update.

The Bigger Picture

For XP devices that have already been infected, CNET reported that a new fix called WannaKey might help. So long as the computer hasn’t been rebooted, the tool can scan for prime numbers used to create encryption and decryption keys and then unlock the device.
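The kind of memory scan described above, as an added example that is not part of the original article and not WannaKey's own code: it assumes the victim's RSA public modulus is known and that a prime factor still sits in memory as a little-endian integer. The toy 64-bit primes, the memory buffer and the function names are constructed for illustration.

```python
# Toy values constructed for this example; real RSA primes are far larger.
P = 2**64 - 59   # largest prime below 2**64
Q = 2**61 - 1    # Mersenne prime
N = P * Q        # public modulus, assumed known to the defender
E = 65537        # common public exponent (assumption)

# Constructed "process memory": 40 bytes of noise, the prime, more noise.
MEMORY = bytes(range(1, 41)) + P.to_bytes(8, "little") + b"\xaa" * 16


def find_prime_factor(memory, modulus, prime_len):
    """Slide a prime_len-byte window over memory and return (offset, p, q)
    for the first window whose little-endian value divides modulus.
    Returns None when no factor is left, e.g. after a reboot."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        # Skip zero-filled regions, 1, and anything not smaller than n.
        if cand < 2 or cand >= modulus:
            continue
        if modulus % cand == 0:
            return off, cand, modulus // cand
    return None


def rebuild_private_exponent(p, q, e=E):
    """Derive the RSA private exponent d from the two recovered primes."""
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)  # modular inverse, Python 3.8+


if __name__ == "__main__":
    hit = find_prime_factor(MEMORY, N, 8)
    if hit is None:
        print("no prime found: memory was overwritten or the host rebooted")
    else:
        off, p, q = hit
        print(f"prime at offset {off}, d = {rebuild_private_exponent(p, q)}")
```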

Another tool, WanaKiwi, does the same for Windows 7 computers. But even as security teams are cleaning up current infections and building decryption tools, Wired reported that cybercriminals are still trying to disable the kill switch to get the ransomware back on track.

Kryptos Logic cybersecurity analyst Marcus Hutchins discovered that WannaCry attempts to connect with a specified web domain. A successful connection indicates to the malware that it is running in a security sandbox, and it goes dormant. Hutchins registered the domain found in the ransomware’s code, making the malware believe that every new infection was actually a security testing environment and stalling the entire attack effort.

Now fraudsters are trying to take this domain offline by flooding it with junk traffic using a Mirai botnet. If successful, rebooted machines carrying the infection will begin spreading it anew.
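One way a defender could use this behavior, as an added example that is not part of the original article: scan resolver logs for lookups of the kill-switch domain and separate hosts whose lookup resolved from hosts whose lookup failed. The domain is a placeholder (the article does not print it), the log format and lines are constructed, and DNS resolution is used here as a stand-in for the malware's connection check.

```python
import re

# Placeholder: the article does not print the kill-switch domain.
KILL_SWITCH_DOMAIN = "kill-switch-domain.example"

# Constructed resolver log format: timestamp, client IP, queried name, rcode.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) "
    r"query=(?P<name>\S+) rcode=(?P<rcode>[A-Z]+)$"
)

# Constructed sample log lines, not captured from a real network.
SAMPLE_LOG = """\
2017-05-22T09:00:01Z client=10.0.4.17 query=intranet.corp.example rcode=NOERROR
2017-05-22T09:00:07Z client=10.0.4.17 query=kill-switch-domain.example rcode=NOERROR
2017-05-22T09:02:44Z client=10.0.9.3 query=Kill-Switch-Domain.example. rcode=SERVFAIL
2017-05-22T09:02:50Z client=10.0.9.3 query=kill-switch-domain.example rcode=NOERROR
2017-05-22T09:05:12Z client=10.0.7.88 query=updates.vendor.example rcode=NOERROR
malformed line that the parser should skip
"""


def triage_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the domain to 'resolved' or 'failed'.

    'failed' is sticky: one failed lookup means the malware's check may have
    failed on that host at least once, so it may have resumed spreading.
    """
    wanted = domain.rstrip(".").lower()
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip lines that do not fit the expected format
        if m["name"].rstrip(".").lower() != wanted:
            continue  # unrelated lookup
        if m["rcode"] != "NOERROR":
            verdicts[m["client"]] = "failed"
        else:
            verdicts.setdefault(m["client"], "resolved")
    return verdicts


if __name__ == "__main__":
    for client, verdict in triage_kill_switch_lookups(SAMPLE_LOG).items():
        print(client, verdict)
```

Every client in the result looked up the domain and should be treated as a suspected infection; a `failed` verdict marks hosts where the check may not have stopped the malware.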

WannaCry Woes Continue

So what does all this mean for businesses worried about the WannaCry ransomware and looking for ways to defend against the next big threat? It’s not enough to wait around hoping that OS vendors will offer a patch for free or provide automatic security updates.

While it may be cost-efficient to run older OSs and limit the need to deploy new software and integrate new functions, this shifts the onus from software-makers to in-house IT. Patching becomes paramount, and it becomes the problem of device owners, not developers.

Many tears have been shed over WannaCry, and there are more to come as this plays out. Sure, it’s tempting to berate Microsoft for holding back a patch, but that misses the message and leaves companies vulnerable for the next ransomware rollout.

In short, the older the OS, the bigger the risk; patch first and patch fast to avoid the biggest problems with new ransomware risks.
