Yesterday, computers around the world running earlier versions of Windows such as Windows XP (from 2001…) and Windows Server 2003 were impacted by a malicious vulnerability called ‘Wanacrypt’. Experts have determined the malicious code takes control of the computer and encrypts all the data on the hard drive. It then requires payment using Bitcoin to get access back to the computer. It was originally developed by the NSA and used as a backdoor into systems.
Unfortunately, the code was leaked and ended up in the wrong hands, resulting in today’s situation. Critical emergency services such as hospitals and law enforcement in the UK have been broadly impacted by ‘Wanacrypt’. The end result being, if you don’t have a backup of your system with an App like Crashplan that keeps all versions of all your files, you’re out of luck. Unless that is you’re running a modern operating system like Windows 10.
Windows XP, Windows Server 2003 and Windows 8 Get Security Fix for ‘Wanacrypt’ Attack
The severity of Wanacrypt has been so devastating that Microsoft developed a fix for out of date versions of its Windows operating systems. Although the fix can’t reverse the effects of an infected system, it does prevent vulnerable versions of Windows from getting infected, at least from this specific malware.
The software firm detailed in a blog post measures customers can take to protect and remove the malicious software from their systems.
Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.
Details are below.
- In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
- For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
- This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).
There was no mention of Windows 7, Windows Server 2007 or Windows 10 being susceptible to the Wanacrypt ransomware. Obviously, this is yet just one more reason to keep your computer on the latest operating system. Yes I know, it’s not always to keep updating, however, in order to stay ahead of the bad guys, Microsoft spends billion. With this in mind, if you’re still running an older version of windows, please consider upgrading to Windows 10 today.
Users on older releases still supported by Microsoft can do their part to ensure attacks like these are minimal.
- Apply the patches for your systems when they become available. I hate to say it, but Microsoft did release a fix for this, most of whom got attacked, simply didn’t install the Microsoft Security Bulletin MS17-010 patch.
- Backup, we talk about it all the time at Groovypost, if you are not doing it, now is a good time to start.
- Be conscious of your email messages and where they come from. Wanacrypt was able to infiltrate systems through email attachments some users opened unsuspectingly.
Users can download patches for their respective versions of Windows at the following links: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64