Windows Defender and Windows Update protect from new ransomware attack, Microsoft says

Those lazy asses are still running Windows XP. what do you expect. Should have upgraded to Windows 10 a long time ago or "at least" Windows 8.1

Didn't Microsoft offer a pathway for Windows XP to be upgraded to Windows 10 when it was free?

Definitely not. Win 7+ only

Laziness doesn't have anything to do with it. If you've ever gone outside of your bubble you'll realise that companies, especially government funded ones, actually have budget constraints. Upgrading is massively expensive in terms of hardware, installation, data transfer, training etc. You can bet that the IT departments have been screaming for more money for a decade and management just don't care as long as things are still running.

It has nothing to do with whether a user has admin priviledges or not. Our standard users our locked down from installing any software from anywhere, but we have standrad users (no modify rights anywhere except their "My Documents" folder) in our parent company in Spain that still got hit. None of our USA computers were infected. This infection uses an exploit that grants the ransonware elevated rights so it can do its thing. (which is encrypt your drive and demand money to decrypt it)

Were those computers up to date?

Vulnerability was fixed by MS in March but unfortunately it's not always easy to patch systems on tine. VMware Mirage is a product that could help in those scenario as you can restore the system to a specific point in time but without modifying user's data

Totally useless, as the key issue here is the fact this "virus" targets user data, not the system.

@Serpentbane, I think his point is that it makes it safer to deploy updates, knowing that if the update causes any problems (historically, that's the main reason IT departments don't just leave the systems on immediate auto-update), IT can revert to thet prior state w/o affecting documents. And if those computers had the update, they would have been protected from the attack.

They already do, only admins have those privileges and even then they only use them when needed.

Yeah. That helps only to a certain extent. In my case, people are denied of so many privileges when they have a problem it takes IT weeks to help them. Then they have to ask me to hack into Windows and force admin privileges for them so they can get back to work quickly. One person had a glitch in which the Wifi adapter was disabled and you needed admin privileges in order to enable it and they couldn't even request for help via the online system because they couldn't connect so I had to hack into the computer to fix it. Denying privileges is a good and bad thing....

I always trust ms and windows defender 💔

I use Kaspersky. ms has demonstrated us its flimsiness with windows 10 bugs!!

You trust Kaspersky? LMAO, good luck with that! 

WikiLeaks Vault7 saga has shown us when the CIA wants in, nothing stops or prevents them.

So you trust Russians with your PC security. What a joke. 😂

Blanket statements, dude. I don't use it, but not all Russians are bad just because their government is. Same with any other country.

I am saved..hopefully..

Hackers are not stupid to hack your system foolish😂😂😂

This is why I get so mad to see so many computers in government buildings running XP or Win7. Like please upgrade to protect mine and my fellow citizens information please.

This sounds like you're in favor of a herd immunity.

Are you implying that you *arent* in favor of herd immunity?

That's how vaccines work...

Windows 7 is at least supported if not as secure as 8.1 or 10 but running Windows XP years after it became unsupported and guaranteed insecure is just criminal incompetence.

Maybe if management are hauled away in the back of a cruisers, they can notify the officers to upgrade their in-car pc's from XP..

MS still update UK government XP systems, but they at least in part are updating to windows 10

well, US Navy has a service contract with MS for XP. Yes, and the thing is, XP is not even effected....  

Microsoft released patches for this vulnerability for XP, 2003 and W8 today so no service contact needed. XP is affected, the vulnerability is an issue with the way MS implemented SMB 1.0 and affects all Windows systems.

What they need to do is shut down Bitcoin. Bitcoin allows them to stay anonymous. It started all this ransomware crap.

The amount of money transferred to that bitcoin account is only $20-30 thousand. That is not much compared to the risk the bad guys are taking. There is a lot of powerful people looking to find those responsible and mete out some justice.

I will just format my pc and install backup.

This particular ransomware encrypts your drive. You won't be able to just format the drive. You'd have to use diskpart to delete partitions and clean the drive. Then you can format it.

It doesn't encrypt the partition table. If it did the computer wouldn't boot. Just formatting the drive should be fine.

No, you have to burn the hard drive and replace it.  If you don't, after six days your drive explodes. 

Utter rubbish, a virus of any sort can't create an explosion

It was a joke @Brian2014 !!

it was a joke dude... Facepalm...

Just format. That's it.

That's fine for your PC at home where no mission critical data could be lost but in a workplace that's a little hard to do. In a workplace critical data should really be stored on a server.

The parent company of the company I work for got hit. The parent company is located in Spain. Many of their users were tricked into thinking they had a blue screen of death (which they call blue ghost). This screen told them they had to reboot. Once they reboot the ransomware encrypts the drive and then displays a message dermanding money to decrypt the drive. We're not sure how it first started or why the computers weren't patched. All of our USA computers as fine as far as we know.

My guess is that, at least for the NHS, it will be traced to someone opening an attachment from an unknown source.

No matter the administrators do, there will always be some people that don't pay attention to what they click on and screw things up for everyone else.

I wish I could say I surprised that an organization holding sensitive personal details hasn't kept the systems updated or even applied basic security, the do it later and avoid down time for maintenance attitude is everywhere. security updates, patches and a stunning disaster recovery process is obviously in place and ready to go. It's a general p poor attitude to security, because until it goes wrong no one can be bothered.

I work for the Health Service in the UK and it is extremely saddening that whoever let loose this havoc targeted something as sensitive as the NHS. Many hospitals that rely on their IT for appointments, patient notes, investigation results, drug records and charts had to declare a Major Incident due to the repercussions of this. Also, the affected hospitals had to relocate patients from A&E, and surgeries had to be cancelled or rescheduled.

Criminals don't care about the hardship they cause other people. If they did care they wouldn't be criminals.

It's a shame that due to lack of funding (UK government's austerity economics) that a lot of PC's never upgraded from Windows XP for cost cutting... Now there's more costs of fixing this when they could have upgraded their systems. They paid Microsoft around £5 million to keep supporting XP for UK's public sector for an extra two years but this finished in 2015.

I do not work for the Health Service in the UK and it is extremely saddening that whoever runs it cares so little about its patients by using insecure computer systems.

Ahem, if it was *targeted* why did they only ask for $300? They could have asked for $300,000 or maybe $300 million? 

This wasn't a targeted attack though as Telefonica, Renault and even Russian Government system were affected to name just a few of them.

Actually that's unfair there's probably a team of it support guys being barred from uttering the words "I did say"

I can well imagine that.

That's a safe bet.

Every one of those systems including the UK National Health Service is being administered by incompetents who can't do the minimal job of securing the agencies and corporations. Sometimes this is the IT department's fault, more often it's an executive group who don't give their IT departments the funds to do their jobs. An analogy: think of being in a corporation or agency where they budgeted money for a fleet of cars and trucks but refused to allocate money for tires, brake shoes and oil changes. You'd fire the person who made that decision just as the people who decided to not spend the money to properly keep their computers updated should be fired.

Exactly. Sure there are some zero day that could affect a few machines, but not to this scale. Problems like this are not new or isolated to one platform and it comes down to very poor patch management policies. I guarantee when large organizations that were hit hard begin reviewing what happened, they'll start at the bottom and stay there. In all reality, management at all levels should be pulled out in front of the firing squad along with the idiots responsible.

Absolutely. They will all be kicking themselves and wishing they had behaved differently when they calculate how much their complacency is going to cost them. Some inevitably have to learn the hard way sadly.

Just imagine if companies kept up to date with Windows Updates…

Hahaha, this is a prime example of the good old saying; values change, the data doesn't. The fukn NSA was busy using these exploits to snoop everyone's machines, in search of "terrorists". Now would you look at that, they themselves got hacked and those exploits are now the tools for them terrorists.

And now you know why Windows 10 was a recommended update

Windows 10 had the same vulnerability. Ultimately it boils down to keeping systems patched and running a supported OS.

The main problem is that a lot of the computers in the NHS apparently still run Windows XP. Windows XP will never be patched for such exploits and so will always be vulnerable. The reason such vital computers still run XP is due to chronic underfunding from multiple governments who would rather use health as a political football than make some real decisions about it, as these might take 10 to 20 years to pay of - there's no benefit from decisions such as that in the next election. So what we are left with is this embarrassing shambles. What a damn shame.

The NHS has chosen to continue using a very old OS even when funding was there to upgrade. Blaming this on cuts doesn't really explain why some trusts who are under the same financial restrictions have chosen to upgrade their IT whilst others decided otherwise. I suspect this is local management decisions at work here, not overall budget cuts from central government. 

Actually it was the Ministry of Health that chose not to renew the service contract with Microsoft that is at fault, the NHS had no say in it.

How is NHS different from the health ministry? It is the health minsitry running NHS and taking decisions. I can't find a way to draw a boudary between the two

You are correct about the cancellation of the government contract but I think you know very well that local NHS trust managers were able to choose to upgrade if they made the decision to do so too regardless of that contract cancellation, many chose to do so and were not his by the malware attack, those that didnt were hit badly.   

Seems to me that migrating programs to Windows 10S would not be a bad idea.

My company still uses Vista mostly and XP is on some of their machines. I'm surprised our company won't upgrade to 7 or even 8.1. I upgraded to Windows 10 for a reason on all my devices.

So am I. Upgrading from Vista to 7 is a no brainer I would have thought.

This is insane. If those guys are ever caught they should be charged for murder. .

Although lives are at risk when the health system IT fails, no one has actually died as a result of this

Jeez that 1 billion user base goal by Microsoft was so doable if only companies and organizations got their **** together. Windows XP???? Yes I know legacy apps, etc. But seriously this stuff needs to be budgeted in or it's just a matter of time that this happens!!!

Thank you, Microsoft. I do appreciate it. 

I was a victim of this dangerous threat....but luckily i had created back up for nearly 60% of data and remaining are always re downloadable from Internet...i just reinstalled my Windows 10 and formated all drives to make sure that all traces are removed. ALso another alternative is you can your data recovery tools to recover the data. Because what these randsomeware does is to create copys of ur existing files, encrypt it and delete the original...so you can always recover the data given patience and a decent recovery software...

I always have an image backup of my system and data disks, an external disk that isn't connected to the PC except when backing up. Keeps it safe!

that is why delaying updates is not an option in our day and age. the old rules do no longer apply. also any organization that does not have cloud storage with versioning and/or daily backups for all mission critical files is not in a fit state to be online anyway. user laptop is encrypted? reset it and resync the files onto it again. if the encryption had time to spread to the online files, set it back one version and you are good again. if you do not have sync/versioning you at least should have daily backups so all that is lost is one day at most. sucks but is manageable. instances like this will educate organizations that IT departments can not be run with a skeleton crew on a minimal budget unless you want to run into trouble. as for the criminals spreading ransomware, aside of a speical place in hell these people need to be met with the hardest legal action possible. find them, lock them up and throw away the key.

Too many users (both consumers and IT decision-makers) think they know better than Microsoft when it comes to patches. Test your specific use case and applications, sure, but do it quickly. The old "wait and see" attitude advocated for by a forest of sticks in the mud is causing real damage to global IT infrastructure.

Exactly, times have changed and I cannot believe the amount of people who still do the XP thing of disabling automatic updates. What's the lesser of two evils, having a minor issue with a driver from Windows Update the can be easily rolled back or the inconvenience of reinstalling Windows due to Ransomware/Malware?

I'm curious about your thoughts on this new Edge vulnerability that was just discovered..https://www.neowin.net/news/new-microsoft-edge-vulnerability-allows-hack...

"have Windows Updates enabled are protected from 'ransomware' attack" antivirus wouldn't stop this, only updates. Don't rely on antivirus. A lot can make you more of a target.

Just for the record the NHS in the UK was told that XP would no longer be supported after April 2014. MS extended their support deal with the UK until May 2015 to give the NHS sufficient time to upgrade their systems. By September 2015 upgrades had still not been made in a number of NHS departments and a warning regarding the vulnerabilities this failure to act represented was published. 2 Years later the NHS XP based systems are hit with ransomware!

The problem is not xp. The problem is that most of those PC s can't be upgraded to w10. They have to trash perfectly functional devices and replace them because corporate greed and consumerism want to release new OSs with essentially no new features. Take the case of Redstone and L830, L930: Perfectly functional hardware was denied updates. When all your infrastructure has to be replaced a few years apart for a corporate decision who is also to blame?

PCs still running XP may be functional, but they are living on borrowed time, and have been for a while. Hardware fails eventually. Its usually best to not wait until that happens to update. Its not greed and consumerism, its mitagating risk in advance. Its just not reasonable for MS or others to continue devoting resources to support 15yr old products. If you want the advantages of technology in your business, you need to realize that keeping up to date is the cost of using that technology.

All this infrastructure you speak of is tax deductible you know so speaking as a small business owner I don't have a great deal of sympathy when I hear large organization complaining about the costs of having to upgrade IT. With notable exceptions such as older medical equipment most of the everyday administrative tasks large organizations have to handle can be performed using off the shelf modern software too. At the end of the day companies and organisations cannot afford not to upgrade.  

It's easy to blame IT tech dept's for simply not updating their OS when you know very little about how many of these businesses work, especially healthcare. Just because there was a way to get Windows 10 upgrades free does not mean that all companies could simply switch to Windows 10 due to the other software they are using which in many cases is outdated or too expensive to switch over or as in the case of healthcare. Healthcare software is not always all-inclusive for all their needs so when it comes to say doing billing for different departments such as physician billing vs clinical side. In most cases many companies can not simply upgrade due to legacy software which is something you keyboard heroes have no clue about. Learn what you're talking about before jumping in with a dimwitted opinion. Don't look now, but your ignorance is showing.

Exactly. The nitwits downvoting you have obviously never had to work in IT in the real world. I've had to deal with a customer running Windows 98 because they were in a mining-related field and had a PC with a proprietary ISA card inside for some specific system. The new version would cost something like $20k to upgrade so they were trying to hold on to the old PC for as long as possible. Note: that was back in 2006-2007 so it wasn't so outrageous as it would be now. Another situation, where a company has some specific software that runs all their crucial systems but either a new version comes out that requires a new OS, all new hardware, plus weeks of time to migrate the data OR the company has gone bust, so they have to go with an entirely different system requiring new hardware/weeks of migration/weeks of training etc. These cost companies a shedload of money... $100-200k is not unheard of, so it's no surprise they cling onto old systems that still work fine. Couple that with companies that have relatively small IT budgets and people wonder why they still use old systems for as long as possible

My old company had several PCs running Windows 3.1 for the same reason, proprietory hardware in the PC. The important thing was, they were completely unconnected to the network/internet, and so there was no security risk.

and thats how you deal with it. Yes, there are proprietary systems that can no longer be upgraded, so you take them off the network and isolate them to one function. We have some medical devices like this. Network traffic is only allowed one direction to one PC on one port using one protocal. Everything else is blocked. There are ways to keep old things in service without exposing your entire network. While I understand there is a cost to upgrading that companies dont want to spend, there is also a cost to not upgrading and we are seeing that now.  

Thank God its already been blocked by Microsoft, I was getting quite worried that it could affect me with all them Dark Web pages I visit and by that I mean all them Star Wars websites (LOL), I Don't Understand why these companies don't upgrade their systems or is it because it's quite costly, tedious and requires staff training, but still surely there were updates to prevent this even on 8.1 and 7, but they were just not installed, well thank God ordinary people (hopefully) keep their systems up to date, although we don't really get a choice with Windows 10 because the updates are pretty much automatic!!! Hopefully they work out a work around or a patch!!!

I work for someone are too reliant on very old bespoke software which they struggled to get working on XP and refuse to pay to get them upgraded to work with newer os. They also get screwed by outsourced developers who make make browser front ends which work with exactly one browser version and when we upgraded from ie 8 to 11 they wouldn't work.

The company I work for love purchasing or updating to a version which has already been superseded. We've only just started using server 2012, not too long we went from XP to 7.

Depending on their situation and requirements they might be able to look into Azure cloud hosting. It can always the latest and greatest version, but obviously depends on what is running on it

So after looking at the comment section for this article. It seems that people just don't have the right information about this malware and don't really know how IT works for large companies and government agencies. The WannaCry ransomware uses a vulnerability in the SMBv1 protocol that was never patched (until March 2017) ever since the protocol came out nearly 2 decades ago so this affects pretty much every single Windows OS since Windows XP. The author used a weapon-grade exploit that the NSA used called: Eternalblue. The author copied Eternalblue and used it to access the network.  The big issue with this ransomware is that it can create copies of itself and will try to install itself on any non-patched Windows systems it has found on the network. It doesn't matter if the user has admin rights or not since it's a flaw with the protocol itself. It is important not to pay any ransoms as they're never guaranteed to work and it just promotes people to keep doing it. On the subject of large companies and government agencies. I've dealt with government agencies myself when upgrading from XP to Windows 8.1 (which was last year) The major issue is that you cannot just upgrade every PC in the company and expect everything to work out of the box. It takes months and even sometimes a year of planning out the deployment of a new OS. The issues encountered when upgrading an OS are numerous. Are the drivers compatible with the newest version? If not, how are we going to replace them? Can they still use their software? If not, do we replace it? Hire some programmers to make a new one? Attempt to migrate it via App-V and hope it works? Or leave it there (that's usually the answer.) Will the Windows server require an upgrade as well in order for Active Directory to work properly? Does it have an Exchange server and SQL database that needs to migrate in two or more versions before landing on the latest version? How are we going to document the whole procedure? The list goes on and on and so the costs can easily be in the millions of dollars just by labor costs alone (because there is no way upgrading an OS is a 1 man job in a large company). Also the free Windows 10 offer didn't apply to Entreprise licences they had to purchase it day 1.  Another issue is that IT department want to upgrade but they require approval from the higher ups and sometimes convincing them to say yes is next to impossible because they just don't get it.   I apologize for the wall of text. It seems that people have misconceptions about the IT industry as a whole.

Spot-on!

Don't apologize. This is an excellent post. That being said, there are today organizations still running on Windows XP, if not NT. With old virus scanners or none, and a completely neglected IT. Those IT organizations never invested in keeping their infrastructure up-to-date, but merely patched it... For example, there are ATM machines at banks running on very old equipment... I am surprised it took so long until this happened.

Updating OSes does take a lot of time. Keeping up to date on patches, on the other hand, is not that hard.
If you know it will take 6mo in your organization to update your PCs to Windows 10, you dont wait for Windows 7 support to end to get started. You should already be testing now. Its simply a matter of planning and testing - and budgeting the resources for testing and planning. Our biggest problems seem to be applications that are not being kept up to date, or vendors that do not update their software. We have found that upgrading from Windows 7 to 10 is MUCH easier than the upgrade from XP to 7. We will probably be able to roll it out in 1/4 the time.

Congrats for your enlighting detailed insight

Always stay updated on the latest systems, stay safe, don't disable updates/security patches, avoid regretting after the damage is done because all you had to do was to stay updated and now all is lost and a lot of valuable work time is wasted.

Sad for all those people still on 7/8.1 especially businesses (from whom upgrading OS is often a year+ project). There's a silver lining however - businesses may realise how vulnerable they are leaving themselves by remaining on unsupported EOL products.

Having recently hit by Spora Ransomware I honestly believe it's worse for individuals than for businesses. At least businesses can afford to pay the ransom to get the encryption keys get their files back, where individuals cannot.  Whether it's a business or an individual it will still bring about a hell they can't imagine they're in.

that is assuming that paying the ransom will actually give you an encryption key... there is a reason why you are not supposed to pay ransoms. There are no guarantees that they will actually do what they say they will do by giving them money

I guess we will see what happens come Monday morning. The bad guys should have had sufficient time to modify or remove the kill switch in the code.

it is a hard, but an eye opener nonetheless, for people who don't appreciate the efforts put in by comapnies in releasing fresh updates. Such people beleive that they should not automatically update their PCs and even in manual mode are too careless to do it at regular intervals. I am not just referring to MS and windwos defender, but anti-viruses or threat management softwares in general. Truth is that unless we see proof of the reality or seriosuness of a threat, we are not likely to take it seriously.

my computer has decided that this is malware. no matter what i do, windows defender is determined to protect me from windows updates. i even disabled it and it still insists it is malware and refuses to run it. the more info link is grayed out.

Ransomware is kind of malware which affect the Windows OS and make the device inaccessible. Till now we haven't received any information about the secure anti ransomware software. Nevertheless, if someone has a Stellar Phoenix Windows data recovery - Home software which recovers data from encrypted hard drive then they can easily retrieve their lost data.

I also have heard about this ransomware attack. It has been attacked over 70 countries. Even there is a big chance to increase this number. However, now a days security is the most important thing. Everyone wants to keep secure their windows so that anyone easily couldn't found the important information. Wuinstall can update your windows whenever you want. Even there is an offer for 1 month free trail. 

Glad I upgraded!