Businesses Using Older Windows Operating Systems Now WannaCry
Unless you were off the grid over the recent Mother’s Day weekend, you have probably heard all about the WannaCry ransomware attack that started spreading on Friday, May 12th. Before it was (temporarily) stopped, the attack spread around the world, affecting computers in 150 countries – including computers used in healthcare systems, utilities, and government. On Monday, May 15th, as the world went back to work, the attack picked up speed again.
The common denominator in this worldwide cyberattack? Computers running vulnerable versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.
Why are Older Windows Versions a Problem?
Operating systems from Microsoft generally have a lifecycle, which begins when a product is released and ends with End of Support. Businesses and individuals must decide how to proceed at the end of a product’s lifecycle. End of Support means that no new security patches will be released for any vulnerabilities discovered. If you don’t take advantage of the upgrade and choose to stay with an unsupported operating system, you are essentially choosing to play Russian roulette with the data on your machine.
A common example of this risky decision is Windows XP. When Microsoft ended support for Windows XP in 2014, many businesses opted to take their chances by not upgrading their operating systems. The effort and expense of upgrading to Windows 7 or Windows 8 were significant for most businesses. Changing over to a new interface required, in some cases, new machines. Some machines were running legacy software that had no upgrade available for newer operating systems. The learning curve for employees promised to be steep. All in all, it looked like nothing but expense and reduced productivity. In fact, one German city calculated that upgrading nearly 1,500 government computers from XP to Windows 7 would cost roughly $12,000 per user.
Faced with such obstacles, many businesses opted to stay the course with their Windows XP machines.
Many Businesses are Still Running Windows XP
How many? It’s estimated that more than half of businesses worldwide are still running Windows XP machines. Moreover, roughly 95% of the world’s ATMs are running XP. Even the U.S. Army and U.S. Navy, along with many government agencies worldwide, still use machines running XP. For those of you keeping score, that means Windows XP is still in use by private business, banking, and the military. And if that’s not frightening enough, it’s estimated that 75% of water utilities continue to run this unsupported operating system.
Hackers could have a field day with Windows XP alone. A ransomware attack that focuses on Windows XP machines – like WannaCry – has the potential to inflict serious damage on healthcare, public works, and commerce worldwide.
How Bad is WannaCry?
End of support for an operating system is a serious issue. This means that the developer (in this case, Microsoft) will no longer provide security updates or patches for any vulnerabilities that may arise. While you can still use your computer with the outdated operating system, you will be susceptible to malware triggered by hackers taking advantage of weak or unpatched code.
Which, come to think of it, is how the WannaCry malware attack has spread.
How bad is it? WannaCry is part of a class of malware better known as ransomware. It takes advantage of a Windows exploit known as EternalBlue. When triggered on a computer, the virus executes as a Trojan, which allows it to spread to other machines. Because Microsoft ended support for Windows XP in 2014, machines still running this older operating system are essentially sitting ducks. If WannaCry takes your Windows XP machine hostage, expect a demand for $300 in Bitcoin, which will double after three days. If you don’t pay the ransom within seven days, your files and programs, locked up by WannaCry, will be deleted. Security experts caution against paying the ransom, but you are up against a tight time frame for recovering your files.
This malware is so serious that Microsoft has taken the unusual step of providing a public patch for machines still running Windows XP. However, this patch is only available to systems with custom support agreements. For everyone else, there is a big decision to make: upgrade your operating system or take your chances. How lucky do you feel?
Avoiding Ransomware Like WannaCry
Ransomware is one of the six biggest threats to cyber security. There are ways to keep from becoming a technological statistic, however. A large part of this is simple vigilance. You must establish effective cyber security as well as practice good computing habits.
Construction of a good cyber security safety net has four critical parts:
- Upgrade your operating system, particularly if you are still using Windows XP.
- Apply all available updates and patches to your operating system, applications, and software.
- Make sure you have a solid firewall and antivirus to help screen out potential threats.
- Employ a good image-based backup solution. Such a solution will allow you to revert to a previous, pre-attack version of your system and continue business as usual.
Nothing is foolproof, but taking these steps will go a long way toward protecting your business data.
Partnering With a Security Provider
Cyber security is an important part of business today. Just ask those hospitals, telecommunications companies, and other companies dealing with WannaCry at the moment. If your infrastructure isn’t as up to date as it can be, protecting your business data is difficult at best. Fortunately, Lieberman Technologies can help. We can perform an assessment of your hardware, software, and network security and develop a plan to keep your business safe from a variety of threats. Contact us to get started!