Microsoft: Ransomware Targets Out-of-Date PCs Only

Posted on May 13, 2017 by Paul Thurrott in Windows with 79 Comments

As you may have heard, a massive ransomware attack has infected PCs in at least 99 countries. But Microsoft says that it had already fixed the vulnerability that enabled this attack, meaning that the PCs that were successfully attacked had not been updated in a timely manner.

“On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed,” a Microsoft Malware Protection Center blog post notes. “While security updates are automatically applied [to] most computers, some users and enterprises may delay deployment of patches. Unfortunately, the malware, known as WannaCrypt, appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install MS17-010 if they have not already done so.”

In case you missed the implicit admonition there, Microsoft has switched Windows 10 to a servicing model it calls Windows as a Service, or WaaS, the idea being that it’s only possible to keep all Windows users safe if all Windows users keep their PCs up-to-date with security fixes. Under this system, all Windows 10 PCs are kept up-to-date … unless they are in larger businesses, which still have the option to delay updates for many months. It is these businesses, and those with older Windows PCs who likewise don’t update them in a timely manner, that are at fault for the success of this attack.

The security fix in question, MS17-010, was released two months ago, in March. The ransomware, called WannaCrypt, targets the security vulnerability that was fixed by that update and

While I’m a bit mixed on blaming customers for this issue, it’s interesting that WannaCrypt doesn’t actually spread all that quickly, and it doesn’t use social networking to trick users into doing something stupid. It just targets PCs that were not updated correctly. Had those customers kept their PCs up-to-date with just security fixes, this attack would have been a non-event, Microsoft says.

“Microsoft antimalware telemetry immediately picked up signs of this campaign,” the Microsoft post explains. “Our expert systems gave us visibility and context into this new attack as it happened, allowing Windows Defender Antivirus to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware.”

Like other ransomware attacks, WannaCrypt encrypts the PC’s hard drive, preventing the user from accessing their own data. After decrypting a few files to prove what happened, it then presents a ransom demand: “Pay now, if you want to decrypt ALL your files!”

To prevent this attack from succeeding, all you have to do is keep your PC up-to-date: This vulnerability was fixed two months ago. And Microsoft, in an unprecedented move, is even patching Windows XP, which is no longer supported. (Talk about not keeping your PC up-to-date.)

I’m still researching whether there is an established method to remove this ransomware from your PC if you have been compromised.

