Clues To Ransomware Worm's Lingering Risks Found By Security Experts


05/20/2017



A survey for Reuters by security ratings firm BitSight found that two-thirds of those caught up in the past week's global ransomware attack were running Microsoft's Windows 7 operating system without the latest security updates.
 
Believing that identifying "patient zero" could help catch its criminal authors, researchers are struggling to find early traces of WannaCry, which remains an active threat in hardest-hit China and Russia.
 
They are having more luck dissecting flaws that limited its spread.
 
While computers at more than 300,000 internet addresses were hit by the ransomware strain, security experts warn that further attacks that fix weaknesses in WannaCry will follow and hit larger numbers of users, with more devastating consequences.
 
"Some organizations just aren't aware of the risks; some don't want to risk interrupting important business processes; sometimes they are short-staffed," said Ziv Mador, vice president of security research at Trustwave’s Israeli SpiderLabs unit.
 
"There are plenty of reasons people wait to patch and none of them are good," said Mador, a former long-time security researcher for Microsoft.
 
Paul Pratley, head of investigations & incident response at UK consulting firm MWR InfoSecurity, said that WannaCry's worm-like capacity to infect other computers on the same network with no human intervention appears tailored to Windows 7.
 
Data from BitSight covering 160,000 internet-connected computers hit by WannaCry shows that Windows 7 accounts for 67 percent of infections, although it represents less than half of the global distribution of Windows PC users.
 
Computers running older versions, such as Windows XP used in Britain's NHS health system, while individually vulnerable to attack, are incapable of spreading infections and played a far smaller role in the global attack than initially reported.
 
In laboratory testing, researchers at MWR and Kryptos say they have found that Windows XP crashes before the virus can spread.
 
BitSight estimated that Windows 10, the latest version of Microsoft's flagship operating system franchise, accounts for another 15 percent, while older versions of Windows, including 8.1, 8, XP and Vista, account for the remainder.
 
Experts agree that any organization which heeded strongly worded warnings from Microsoft to urgently install a security patch it labeled “critical” when it was released on March 14 on all computers on their networks is immune.
 
Those hit by WannaCry also failed to heed warnings issued last year by Microsoft to disable SMB, a file sharing feature in Windows which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs.
 
"Clearly people who run supported versions of Windows and patched quickly were not affected," Trustwave's Mador said.
 
Microsoft has faced criticism since 2014 for withdrawing support for older versions of Windows software such as 16-year-old Windows XP, for which users need to pay hefty annual fees for support. The British government cancelled a nationwide NHS support contract with Microsoft and left the upgrades to some local trusts.
 
The U.S. software giant last weekend released a free patch for Windows XP and other older Windows versions that it previously only offered to paying customers, a move that is slated to draw further criticism in the wake of the WannaCry outbreak.
 
(Source: www.reuters.com)