Published on May 18, 2017
If you follow the news, you probably heard that last weekend there was a massive cyber attack that affected millions of computers and devices. And it wasn’t just individuals who were affected, media outlets such as The Verge have noted that at least 16 hospitals in the United Kingdom were shut down as a result, affecting many lives, as patients’ medical records could not be accessed.
The attack involved ransomware called “WannaCry,” which froze systems and locked and encrypted files. When people tried to use the affected devices, they were faced with a ransom: $300 in Bitcoin.
As reported in The Guardian, The attack exploited a weakness in older versions of Microsoft Windows. The systems’ vulnerabilities were revealed publicly several months ago, and Microsoft released security patches for newer versions, but not some of the older ones.
While some of the affected machines were infected because users neglected to download and install the security updates, the ransomware also infected users running unsupported old operating systems, for which no updates were even available. As The Verge reported, Microsoft has now taken the unusual step of providing publicly available security patches for the older operating systems that were in “custom support only,” including XP, Windows 8 and Windows Server 2003.
Yes. The incident is a painful reminder of what we at Hushmail frequently preach as one of our top security tips and that is part of our daily lives: always keep your operating systems up to date.
For affected users, something as simple as downloading the security updates could have prevented them from being infected. It also would have stopped their computers from infecting other computers, as the cyber attack was delivered via phishing, which uses the infected computer’s contacts to spread. Being infected with ransomware can have a catastrophic impact on the person infected, and can lead to a similar impact on the people in your contact lists.
Software and systems have weaknesses, it’s just the reality of cyber life. The companies that make the products usually issue updates to patch the holes when vulnerabilities are discovered, but you have to monitor the situation and update your software when necessary to keep yourself and your data safe and secure. Automate the process if you can. Get the security notifications. Do whatever you can to make it easy to stay up to date. Our "Top 3 security tips" blog post includes several handy tips to put into practice today.
When a company stops issuing security updates, it’s probably time to get a newer version of the software, to ensure you’re protected against current threats.