Microsoft today took the “highly unusual step” of releasing a public patch for older Windows versions that are otherwise only eligible for custom support — Windows XP, Windows 8 and Windows Server 2003 — to fix the vulnerability being exploited by the widespread ransomware attack targeting institutions around the world.
“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” said Phillip Misner, principal security group manager for the Microsoft Security Response Center, in a post this morning. “Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers.”
Microsoft patched the vulnerability in March for supported Windows versions. A researcher for Avast says the cybersecurity company has now detected 100,000 incidents involving the ransomware over the past day.
— Jakub Kroustek (@JakubKroustek) May 13, 2017
When a victim is hit by the ransomware, file extensions are changed to “.WNCRY”. A ransom note is dropped into a text file, and a window titled “Wana Decrypt0r 2.0” pops up. The messages include the ransom demand, $300 in bitcoin, and instructions for recovering files. Along the side of the window are threats giving a timeline for when users’ files will be lost and a deadline after which the ransom price increases.
Corey Nachreiner, CTO at WatchGuard Technologies, earlier this year predicted we might see a “ransomworm” attack in 2017, that is, an incident in which hackers exploit worm-like flaws to infiltrate systems and spread ransomware. He told GeekWire in an email exchange that Friday’s attack appears to fit this description.
As for takeaways, the easiest and most obvious way to avoid such attacks is to stay up to date on software updates and use supported operating systems. Numerous British hospitals victimized in the attack were running XP.
Nachreiner also recommended that organizations invest in advanced malware protection and build up a multi-layered defense against cyberattacks. But in the case of a disaster, cyber or otherwise, it’s important to have a recovery plan.
Incidents like these show us how dependent we are on our computers and digital information. Whether it is because of an electrical outage, a flood, a break-in, or a ransomware attack, your digital systems are at risk of being knocked offline. That’s why every organization needs a disaster recovery and business continuity plan. Obviously, data backup is a very important part of these plans. Major incidents like this ransomware example seem to suggest that many businesses and organizations haven’t spent much time planning for a disaster. While having a plan won’t make a disaster any more pleasant, it should at least allow you to recover more quickly. If you can only do one thing, at least back up your data.
Update: New reports cite the discovery of an obscure kill switch that may be hampering the ransomware.