A massive ransomware attack is currently spreading like a tsunami around the world, hitting high-profile targets such as the UK's National Health Service and knocking out PCs at Spain's Telefonica carrier.
The attack exploits a vulnerability in the Windows SMB file-sharing service that Microsoft fixed in a critical security update (MS17-010) in March 2017; on PCs that have not received that update, the malware encrypts the user's documents and demands a ransom.
Microsoft released an official statement on the matter on Friday, saying:
“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows Update enabled, are protected. We are working with customers to provide additional assistance.”
The exploit is believed to have been created by the NSA and was made public in April by the Shadow Brokers, a group that obtained and leaked a trove of NSA hacking tools.
Patched computers were protected, but many large organisations, such as the NHS, are slow to roll patches out to every PC, and some still run operating systems such as Windows XP, which left extended support in April 2014 and therefore no longer receives routine security updates.
Nigel Inkster, former director of operations and intelligence for MI6, told Sky News that one of the reasons the NHS, in particular, was vulnerable was its outdated software system. “A lot of hospital trusts in the U.K. — 40-plus last time I checked — are running their systems on Windows XP software, which hasn’t been supported by Microsoft for two or three years,” he said. “In other words, Microsoft is no longer looking for and seeking to repair vulnerabilities in the system.”
“The most exploitable industry in the world is the health-care sector,” said Tom Kellerman, chief executive of Strategic Cyber Ventures, noting the industry is chronically hobbled by regulation and insufficient investment in computer security.
This ransomware program, however, hit companies as diverse as FedEx and the Spanish telecommunications giant Telefonica.
Kaspersky Lab said its security software has “detected and successfully blocked a large number of ransomware attacks around the world,” including “more than 45,000 attacks of the WannaCry ransomware in 74 countries around the world, mostly in Russia.”
Unlike most ransomware, which needs each victim to open a malicious file, this program behaves as a worm: once it is running on a single machine on a network it scans for other Windows hosts with the unpatched SMB flaw, on the local network and across the internet, and infects them with no user interaction, vastly expanding the reach of the attack.
Europe, Asia and Latin America were especially hard hit.
“It’s one of the first times we’ve seen a large international global campaign,” said Chris Camacho, chief strategy officer for Flashpoint, a cyber-intelligence company.
While the attack and its impact on vulnerable people will do Microsoft no PR favours, it does bolster its case for Windows as a Service, where Microsoft takes responsibility for keeping the OS up to date with the latest versions, and also for assertively patching the OS even while users clamour for more control.
To protect yourself, make sure the Microsoft security update MS17-010 is installed on your PC. If a machine cannot be patched straight away, disabling the SMBv1 protocol on it blocks the propagation method the worm uses.
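As a concrete way to carry out that check, here is a PowerShell script added by the editor (it is not from the original article or from Microsoft) that reports whether an MS17-010 package is installed, reports whether the SMBv1 server is still enabled, and offers a function to disable SMBv1 as an interim mitigation. The KB numbers in the list are the editor's recollection of the MS17-010 package identifiers and should be checked against the bulletin for your Windows build; the function names are the editor's own.

```powershell
# Added example (editor's, not from the article or from Microsoft): report whether this
# Windows host has an MS17-010 security update installed and whether the SMBv1 server is
# enabled. The KB list is the editor's recollection of the MS17-010 package numbers; verify
# it against the MS17-010 bulletin for your exact Windows build before relying on it.

$Ms17010Kbs = @(
    'KB4012598',                            # Windows XP / Server 2003 / Windows 8 (out-of-band)
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2 (security-only / rollup)
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',               # Windows Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607 and Server 2016
)

function Test-Ms17010Installed {
    param([string[]]$KnownKbs = $Ms17010Kbs)
    # Get-HotFix reads the Win32_QuickFixEngineering list of installed packages. On Windows 10
    # a later cumulative update supersedes the March 2017 KB and it disappears from this list,
    # so "not found" on a fully patched Windows 10 machine is a false alarm, not a hole.
    $installed = Get-HotFix | Where-Object { $KnownKbs -contains $_.HotFixID }
    [pscustomobject]@{
        Patched = [bool]$installed
        Matched = (@($installed | ForEach-Object HotFixID) -join ', ')
    }
}

function Test-Smb1ServerEnabled {
    # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: the LanmanServer "SMB1" registry value controls it.
    # A missing value means the default, and the default is SMBv1 enabled.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $value = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $value) -or ($value -ne 0)
}

function Disable-Smb1Server {
    # Interim mitigation for hosts that cannot be patched yet: turn off the SMBv1 server.
    # Needs administrator rights; Windows 7 / 2008 R2 need a reboot for the change to apply.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWord -Value 0 -Force
    }
}

$patch = Test-Ms17010Installed
$smb1  = Test-Smb1ServerEnabled
Write-Output ("MS17-010 package found : {0} {1}" -f $patch.Patched, $patch.Matched)
Write-Output ("SMBv1 server enabled   : {0}" -f $smb1)
if (-not $patch.Patched -and $smb1) {
    Write-Warning 'Unpatched and SMBv1 enabled: install MS17-010 now, or run Disable-Smb1Server as an interim step.'
}
```

Run it from an elevated PowerShell prompt. The two checks are deliberately independent: a host that shows the patch as missing but SMBv1 as disabled is not exposed to this worm's spreading mechanism, while a host that is patched but still has SMBv1 on is protected against this flaw but keeps an obsolete protocol listening.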
Update: Microsoft has now released an emergency patch for Windows XP, Windows 8 and Windows Server 2003 as well.
Screenshot via gigi.h