May 22, 2017 By Douglas Bonderud

The WannaCry ransomware remains a critical threat even after the discovery of a kill switch. Fraudsters are still looking for a workaround, while previously infected devices are reaching the end of their countdown, leaving victims to decide whether to pay up or attempt to find another way out.

As noted by SecurityWeek, there are now reports that Microsoft withheld a critical patch that could have slowed the spread of this infection and limited its overall impact. While it’s tempting to throw stones at the technology giant, the outcome is symptomatic of the much larger problem of unpatched operating systems that offer easy access for malware-makers.

Patching Problems

Back in March, Microsoft detected a vulnerability in Windows code that paved the way for ransomware such as WannaCry. At the time, the company distributed a free security update for Windows 10 devices to patch the hole and limit the threat. But there was no such update for Windows XP, and users were forced to pay between $200 and $400 if they wanted the update. After the attack began, Microsoft released the patch for free and included all older versions. Understandably, backlash is now brewing online.

But that isn’t the whole story. Support for XP ended three years ago after 12 years of full support from the company. Businesses knew the risk of continuing to use unsupported software, and in so doing assumed the responsibility for either patching their own systems or paying for custom support.

It’s also worth noting that the number of XP devices infected by WannaCry is “insignificant” — 98 percent of all affected Windows computers were running Windows 7, according to The Verge. And guess what? Windows 7 was part of the free March upgrade.

The Bigger Picture

For XP devices that have already been infected, CNET reported that a new fix called WannaKey might help. So long as the computer hasn’t been rebooted, the tool can scan for prime numbers used to create encryption and decryption keys and then unlock the device.

Another tool, WanaKiwi, does the same for Windows 7 computers. But even as security teams are cleaning up current infections and building decryption tools, Wired reported that cybercriminals are still trying to disable the kill switch to get the ransomware back on track.
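The memory scan described above for WannaKey and WanaKiwi, sketched as an added example (not code from either tool): slide a window over a memory dump and keep the value that divides the RSA public modulus. It assumes primes are stored little-endian and that e is 65537; the small 256-bit modulus, the dump bytes and all function names are constructed for illustration.

```python
def find_factor(dump: bytes, modulus: int, prime_len: int):
    """Slide a prime_len-byte window over a memory dump and return
    (offset, prime) for the first value that divides the RSA modulus."""
    for off in range(len(dump) - prime_len + 1):
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        # A prime factor is odd and greater than 1; this filter skips
        # zeroed and even windows before the expensive modulo.
        if cand > 1 and cand & 1 and modulus % cand == 0:
            return off, cand
    return None


def rebuild_private_exponent(modulus: int, p: int, e: int = 65537) -> int:
    """With one prime known, the other follows, and so does d."""
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)


# --- Constructed sample data (not taken from any real infection) ---
P = 2**127 - 1           # well-known 16-byte primes, standing in for the
Q = 2**128 - 159         # 128-byte primes of a 2048-bit key
N = P * Q                # the public modulus, which is not secret


def _filler(n: int) -> bytes:
    """Deterministic non-key bytes standing in for unrelated memory."""
    return bytes((i * 37 + 11) % 256 for i in range(n))


# P still present in process memory, surrounded by unrelated data.
SAMPLE_DUMP = _filler(300) + P.to_bytes(16, "little") + _filler(212)


def demo():
    offset, p = find_factor(SAMPLE_DUMP, N, prime_len=16)
    d = rebuild_private_exponent(N, p)
    msg = int.from_bytes(b"constructed", "big")
    round_trip = pow(pow(msg, 65537, N), d, N) == msg
    return offset, round_trip


if __name__ == "__main__":
    print(demo())
```

Once the memory holding the primes is overwritten or lost, as happens on a reboot, the scan returns `None` and the key cannot be rebuilt this way.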

Kryptos Logic cybersecurity analyst Marcus Hutchins discovered that WannaCry attempts to connect with a specified web domain. A successful connection indicates to the malware that it is running in a security sandbox and forces it to go dormant. Hutchins registered the domain found in the ransomware’s code, making the malware believe that every new infection was actually a security testing environment and stalling the entire attack effort.

Now fraudsters are trying to take this domain offline by flooding it with junk traffic using a Mirai botnet. If they succeed, rebooted machines carrying the infection will begin spreading it anew.

WannaCry Woes Continue

So what does all this mean for businesses worried about the WannaCry ransomware and looking for ways to defend against the next big threat? It’s not enough to wait around hoping that OS vendors will offer a patch for free or provide automatic security updates.

While it may be cost-efficient to run older OSs and limit the need to deploy new software and integrate new functions, this shifts the onus from software-makers to in-house IT. Patching becomes paramount, and it becomes the problem of device owners, not developers.

Many tears have been shed over WannaCry, and there are more to come as this plays out. Sure, it’s tempting to berate Microsoft for holding back a patch, but that misses the message and leaves companies vulnerable for the next ransomware rollout.

In short, the older the OS, the bigger the risk; patch first and patch fast to avoid the biggest problems with new ransomware risks.
