Ransomware attack: Time to kill off old Windows XP systems for good

3 years ago admin

It’s time for everyone to kill off their old Windows XP systems for good. This is the first of several necessary actions following the digital ravaging caused by the WannaCry virus on the weekend.

The same can be argued for other unsupported versions of Windows such as Windows 8 and Server 2003. Upgrade to a supported version and make sure automatic updates are ON.

Using network-attached computers unprotected without the latest patches is worse than having unprotected sex with a stranger in the real world. Metaphorically, it’s more like having unprotected sex that causes everyone in the neighbourhood to become infected.

An unprotected PC with the WannaCry exploit can encrypt files on even protected computers if those files are configured as a shared drive on the infected computer and are writeable. We’ve seen this in earlier forms of ransomware.

The cyber security industry and the big software companies such as Microsoft had known about the potential devastation of a WannaCry-type exploit for months.

Microsoft issued a patch to prevent it infecting supported operating systems (OSs) such as Windows 10 in March. Everyone knew the risk then. All modern systems were protected from hosting WannaCry provided the updates were installed. That should happen automatically, unless, for whatever reason, automatic updates were disabled.

Of course no computer system protects you if you open an email with yet-to-be-identified ransomware, or your new OS is not kept up-to-date. But systems such as old Windows XP PCs were left defenceless until the exploit hit.

In defence of Microsoft, why should it be held responsible for continually updating operating systems that it retired long ago? It has moved on to offering better, more modern and safer alternatives. It generally supports old OSs for a period before notifying everyone that support has ended and the old OS is now a risk.

After this weekend’s cyber attacks, one of two things has to happen. Either Microsoft has to resume supporting all old OSs with ongoing security updates, or the old systems should not go online again. They should not be connected to a network or the internet, and their files should not be shared with other computers.

The new dangerous element is a cyber spying tool embedded in WannaCry called EternalBlue. It seeks out other devices on a network and, using a backdoor, installs the exploit on that device if its Windows system is unprotected.

As I said, any computer can be infected by ransomware if you open an email with the malware attached, but EternalBlue gets around the need for careless users to do even that. It’s EternalBlue that OS patches target.

WannaCry went on to infect 200,000 computers in 150 countries and could have infected lots more had a kill switch not been discovered that shuts it down. It is believed hackers install kill switches to try to thwart investigators examining how the exploit works and discovering its trail across the internet after the exploit has done its worst and is discovered.

But why would Britain’s National Health Service (NHS) and other organisations still use XP machines? Sometimes it is because some hardware is too antiquated to use more modern operating systems. It could be the cost of Windows 10 to enterprises.

The most likely reason, I believe, is that many organisations are shackled with old tailor-built software created more than a decade ago that isn’t compatible with supported Windows versions. Updating this software, if it could be updated, could cost millions.

And it might be impossible to update such software where the original programmers moved on years ago, or the system is poorly documented and impossible to unravel. Corporate knowledge might have vanished, and the company that created the software might have ceased to exist. Contracts written at the time may have ignored the imperative of compatibility with OS updates.

It all means millions more in costs.

But with so many computers having unpatched operating systems out there, the stage is set for more WannaCry-style exploits that are not so easily shut down. These measures are necessary, although they only address the start of the problem. Sophisticated anti-exploit software is another necessary measure. Effective backup systems are a third.
