The #WannaCry ransomware attack has reached over a quarter of a million computers across over 100 countries. Looking at the “heat map” of attacks it’s obvious that some countries have fared worse than others.
Figure 1: NYTimes WannaCry Map
Russia, Ukraine, Taiwan, China, and India are reporting a disproportionately high impact compared with the United States, France, and Canada. Some security researchers claimed that these countries were “targets,” but there is another, bleaker, possibility.
What does the NHS in the UK have in common with the interior ministry of Russia and businesses in Taiwan and India? The majority of the organizations impacted were running older versions of Windows, such as Windows XP and Windows Server 2003.
The organizations running the older versions of Windows thought they had two whole months to apply the critical security patch MS17-010. Microsoft released it on March 14, 2017, to address the security hole in Microsoft Server Message Block 1.0 (SMBv1). However, the patch wasn’t available for Windows XP or Windows Server 2003 until Saturday, May 13th, 24 hours AFTER the #WannaCry attacks started.
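The practical question for anyone still running one of these systems is whether a given host is exposed: is the SMBv1 server protocol still enabled, and is an MS17-010 update installed? The PowerShell snippet below is an added example, not code from the original post or from Bitdefender; it uses the `Get-SmbServerConfiguration`, `Get-ItemProperty` and `Get-HotFix` cmdlets, and the KB numbers it matches against are the ones this editor associates with MS17-010 per OS family, which is an assumption to confirm against the Microsoft bulletin for the exact OS and servicing branch in use.

```powershell
# Added example (not from the original post): defender-side check of whether a
# Windows host still exposes the SMBv1 flaw that MS17-010 fixes.
# Run in an elevated PowerShell session on the host being assessed.

# 1. Is the SMBv1 server protocol enabled?
#    Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later.
$smb1Enabled = $null
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
} else {
    # Older systems (XP, 2003, Vista, 7): the LanmanServer "SMB1" registry value.
    # If the value is absent, SMBv1 is enabled, which is the default.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $smb1Enabled = ($null -eq $val) -or ($val -ne 0)
}

# 2. Is an MS17-010 update installed?
#    Assumption: these KB IDs are the MS17-010 packages per OS family
#    (XP/2003/Vista/2008: KB4012598; Win7/2008R2: KB4012212, KB4012215;
#    Win8.1/2012R2: KB4012213, KB4012216; 2012: KB4012214, KB4012217;
#    Win10 1507/1511/1607: KB4012606, KB4013198, KB4013429).
#    Verify against the Microsoft bulletin before relying on this list.
$ms17010Kbs = @(
    'KB4012598', 'KB4012212', 'KB4012215', 'KB4012213', 'KB4012216',
    'KB4012214', 'KB4012217', 'KB4012606', 'KB4013198', 'KB4013429'
)
$installed = Get-HotFix |
    Where-Object { $ms17010Kbs -contains $_.HotFixID } |
    Select-Object -ExpandProperty HotFixID

# 3. Summarize. "Exposed" is true only when SMBv1 is on AND no listed patch is present.
[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    OSVersion      = [Environment]::OSVersion.VersionString
    SMB1Enabled    = $smb1Enabled
    MS17010Patches = if ($installed) { $installed -join ',' } else { 'none found' }
    Exposed        = [bool]($smb1Enabled -and -not $installed)
}
```

Two caveats when reading the result. On Windows 7 and later, a newer monthly rollup or cumulative update supersedes the original MS17-010 package, so `Get-HotFix` may show none of the listed KBs on a host that is in fact patched; treat “none found” as a prompt to check the installed cumulative update level rather than as proof of exposure. Conversely, `SMB1Enabled = $true` with the patch installed is no longer vulnerable to this particular bug, but it is still worth disabling SMBv1 where nothing depends on it.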
There are still over a hundred million PCs, roughly 7% of the world’s computers, running Windows XP and Server 2003. The organizations running them had the option to buy Microsoft’s expensive extended support; without it they had to wait for critical security patches, and in this case the wait was too long to protect them.
Figure 2: Desktop OS Market Share
Microsoft isn’t the only vendor with this business model; it’s common across the industry. Companies want to sell the newest and best technology, and they use negative incentives to push customers to upgrade.
In the wake of the #WannaCry attack, many vendors have left customers unintentionally exposed because those customers haven’t upgraded to the newest edition of a product. These vendors aren’t supporting old versions with new patches, and that makes sense from a business perspective.
But what about the customers? Not all customers have the resources to make continuous updates to their OS or products. They can’t shell out an extra hundred thousand US dollars per year on the newest version of their software. Should they be unprotected? Should only the well-funded companies survive?
Looking at the chatter around the #WannaCry attack, there were a lot of claims from vendors that their latest product or next-gen AV blocked the worm, but digging deeper, the reality is that NONE of these products that claimed to defeat WannaCry and EternalBlue support Windows XP.
Checking internally, Bitdefender’s Endpoint Security protected 100% of customers, regardless of what version of Windows they were running.