Researchers find clues to WannaCry’s lasting risks
Two-thirds caught in attack running on Windows 7 OS without latest updates
Two-thirds of those caught up in the past week’s global ransomware attack were running Microsoft’s Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.
Researchers are struggling to try to find early traces of WannaCry, which remains an active threat in hardest-hit China and Russia, believing that identifying “patient zero” could help catch its criminal authors.
They are having more luck dissecting flaws that limited its spread.
Security experts warn that while computers at more than 3,00,000 Internet addresses were hit by the ransomware strain, further attacks that fix weaknesses in WannaCry will follow that hit larger numbers of users, with more devastating consequences.
“Some organisations just aren’t aware of the risks; some don’t want to risk interrupting important business processes; sometimes they are shortstaffed,” said Ziv Mador, vice-president of security research at Trustwave’s Israeli SpiderLabs unit.
“There are plenty of reasons people wait to patch and none of them are good,” said Mador, a former long-time security researcher for Microsoft.
WannaCry’s worm-like capacity to infect other computers on the same network with no human intervention appear tailored to Windows 7, said Paul Pratley, head of investigations & incident response at UK consulting firm MWR InfoSecurity.
Data from BitSight covering 1,60,000 Internetconnected computers hit by WannaCry, shows that Windows 7 accounts for 67 percent of infections, although it represents less than half of the global distribution of Windows PC users.
Computers running older versions, such as Windows XP used in Britain’s NHS health system, while individually vulnerable to attack, appear incapable of spreading infections and played a far smaller role in the global attack than initially reported.
In laboratory testing, researchers at MWR and Kyptos say they have found Windows XP crashes before the virus can spread.
Windows 10, the latest version of Microsoft’s flagship operating system franchise, accounts for another 15 percent, while older versions of Windows including 8.1, 8, XP and Vista, account for the remainder, BitSight estimated.
Any organisation which heeded strongly worded warnings from Microsoft to urgently install a security patch it labelled “critical” when it was released on March 14 on all computers on their networks are immune, experts agree.
Those hit by WannaCry also failed to heed warnings last year from Microsoft to disable a file sharing feature in Windows known as SMB, which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs.
“Clearly people who run supported versions of Windows and patched quickly were not affected”, Trustwave’s Mador said.
Microsoft has faced criticism since 2014 for withdrawing support for older versions of Windows software such as 16-year-old Windows XP and requiring users to pay hefty annual fees instead. The British government cancelled a nationwide NHS
◗ Half of all Internet addresses corrupted globally by WannaCry are located in China and Russia, with 30 and 20 per cent respectively
◗ By contrast, the US accounts for 7% of WannaCry infections while Britain, France and Germany each represent just 2% of worldwide attacks
support contract with Microsoft after a year, leaving upgrades to local trusts.
Seeking to head off further criticism in the wake of the WannaCry outbreak, the US software giant last weekend released a free patch for Windows XP and other older Windows versions that it previously only offered to paying customers.
Microsoft declined to comment for this story.
On Sunday, the US software giant called on intelligence services to strike a better balance between their desire to keep software flaws secret — in order to conduct espionage and cyber warfare — and sharing those flaws with technology companies to better secure the Internet.
Half of all Internet addresses corrupted globally by WannaCry are located in China and Russia, with 30 and 20 per cent respectively. Infection levels spiked again in both countries this week and remained high through Thursday, according to data supplied to Reuters by threat intelligence firm Kryptos Logic.
By contrast, the US accounts for 7 per cent of WannaCry infections while Britain, France and Germany each represent just 2 per cent of worldwide attacks, Kryptos said.