Microsoft Releases 'Highly Unusual' Windows XP Patch As Ransomware Attack Spreads

Joan Terry
May 19, 2017

The initial attack, known as "WannaCry", paralyzed computers running factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others.

The "ransomware" cyberattack that has hit as many as 200,000 victims in over 150 countries should be treated by governments around the world as a "wake-up call", IT giant Microsoft has said.The virus exploits a flaw in a version of Microsoft Windows first identified by U.S. intelligence.The attacks exploited the computers because they were running outdated versions of Microsoft's Windows operating system.

But we're still likely to be living with less virulent variants of WannaCry for some time.

His concerns were echoed by James Clapper, former director of national intelligence under President Barack Obama.

Security agencies have so far not been able to identify who was behind the attack.

It was too early to say who was behind the onslaught, which struck 100,000 organizations, and what their motivation was, aside from the obvious demand for money.

'Cyber crime is a growing problem and I think the cloud basically increases the need for prevention of cyber crime, ' said Price in a recent update to investors, in which he highlighted the strong performance of Proofpoint, up 50% over the previous year and one of the trust's biggest holdings. This malware-a type of ransomware-operates by encrypting an organization's data and demanding a Bitcoin payment (nearly $300 per attack) before it will restore the affected files.

The original attack lost momentum late on Friday after a security researcher took control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks.

"When any technique is shown to be effective, there are nearly always copycats", said Steve Grobman, chief technology officer of McAfee, a security company in Santa Clara, California.

Kane delighted to score winning goal in White Hart Lane farewell
I wouldn't want to keep fighting relegation at the end of every season. "I steal nothing because there was no time", he said . It was a ideal way walking around at the end with the families and everything - it just shows what this club's like.

In this case, he said, the NSA apparently handed the WannaCry makers a blueprint - pre-written code for exploiting the flaw, allowing the attackers to essentially cut and paste that code into their own malware. See how much work did they do to lock these up in such a way! In the meantime, experts are recommending that organizations harden against this threat and ensure that all systems are fully patched with the "MS17-010" security update.

It's possibly the first time ever that Microsoft has issued a patch for a product decommissioned so long ago.

The attacks exploited the computers because they were running outdated versions of Microsoft's Windows operating system. The NSA tools were stolen by hackers and dumped on the internet. But it will improve intelligence services' accountability and, at the very least, force them to take better care of any dark stuff that comes into their hands.

Microsoft released fixes for the vulnerability in March, but computers that didn't run the update were subject to the ransom attack.

"Consumers have to understand the fact that they are in partnership with business and government", Levin explains.

Microsoft should know that there are people, small businesses, schools and hospitals that still use older version of Windows, such as XP (which came out in 2001).

Before this, Microsoft had made fixes for older systems, such as 2001's Windows XP, available only to mostly larger organizations that pay extra for extended support. Where possible only use official websites to download software.

As a loose global network of cybersecurity experts fought the ransomware hackers, Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices. But some experts have argued this attack could have been vastly mitigated if the NSA told Microsoft sooner. "But there's clearly some culpability on the part of the US intelligence services".

He said most people "are living an online life", and these agencies have a duty to protect their countries' citizens in that realm as well. Companies like Hitachi and Nissan Motor Co. reported problems they said had not seriously affected their business operations. "It's a handy thing to have, but it's a unsafe thing to have".

Other reports by BadHub

Discuss This Article

FOLLOW OUR NEWSPAPER