Down But Not Out, WannaCry Malware Continues to Infect Unpatched Windows PCs

WannaCry, the worst malware of 2017, netting its own virus author an estimated global profit of $4 billion has not ended its run yet. 2018 as a year of ransomware continued where 2017 left off, this is mostly due to the stubbornness of system administrators not applying the updates on time. WannaCry in itself was heavily relying on the use of the vulnerable SMB version 1 protocol in Windows that was already patched by Microsoft many months before the vulnerability was weaponized.

With over 90% of x86-class computers running Windows, there will always be a certain percentage of it will always harbor an old version of a vulnerable extension. It is the law of big numbers that suggest that, but the key role for anyone that manages computer system is not to suppress updates. The process may be painful from the standpoint of productivity, as time used for updating is the time that cannot be used for productive purposes within an organization.

The weakness in many IT systems that companies employ is the lack of a credible backup system. Companies with outstanding backup systems will never feel the negative effects of a ransomware infection. Affected PCs can just be reformatted and their original data be restored from an online backup, preventing the biggest risk that ransomware creates – the lack of hope for users to recover their precious irreplaceable data.

WannaCry was allegedly the reason behind the devastating ransomware attack against Boeing, the airplane manufacturer. The good news was Boeing is a disaster-ready company; it only took offline a few production computers, but not enough to cancel the operations of the company in any significant amount of time. This year, becoming infected by WannaCry is the fault of the company IT teams, as it is a severe disregard and negligence from installing the regular Windows update every second Tuesday of the month.

“It is concerning to see that WannaCry attacks have grown by almost two-thirds compared to the third quarter of last year. This is yet another reminder that epidemics don’t cease as rapidly as they begin – the consequences of these attacks are unavoidably long-lasting,” explained David Emm, Kaspersky Lab’s Principal Security Researcher.

As more legacy issue is discovered, the more important the updates are. It is not uncommon for hacker groups to reverse-engineer a Microsoft-issued patch in order to discover what particular area of the operating system it was fixing. With that knowledge, a specialized form of malware can be developed targeting that particular weakness that was patched.

Microsoft has tried everything in order to minimize the effects of WannaCry, to a point that they also issued a patch for Windows XP. It is an operating system that has ceased support since 2014, but due to the severity of the SMB version 1 bug that WannaCry exploit they have patched Windows XP to harden its security.

Still, many blame Microsoft for keeping its legacy code operating even until 2017. Server Message Block version 2 has been released with Vista in 2006, but still supported SMB version 7 with Windows 7. Microsoft requires reassessing the need of an extensive debugging team, instead of relying on regular users on their beta testing program to capture all the bugs.