Microsoft has taken the unprecedented step of issuing patches for unsupported operating systems – like Windows XP – in the wake of the massive WannaCrypt ransomware attacks against organisations across the globe.
Businesses, governments and individuals in 74 countries across the globe have been victims of more than 45,000 attacks by this one strain of ransomware in the space of just a few hours.
WannaCrypt ransomware demands $300 in Bitcoin for unlocking encrypted files – a price which doubles after three days. Users are also threatened with having all their files permanently deleted if the ransom isn’t paid in a week.
Hospitals across the UK have had systems knocked offline by the ransomware attack, with patient appointments cancelled and doctors and nurses resorting to pen and paper. NHS England has declared the cyberattack a ‘major incident’ – a total of 45 NHS organisations are now known to be affected.
Cybersecurity researchers have suggested the ransomware attacks are so potent because they exploit a known software flaw dubbed EternalBlue. This Windows flaw is one of many zero-days which apparently was known by the NSA – before being leaked by the Shadow Brokers hacking collective. Microsoft released a patch for the vulnerability earlier this year – but only for the most recent operating systems.
One thing many of the targets have in common is that they’re running old Windows operating systems like Windows XP, Windows 8 and Windows Server 2003, which now usually only receive patches if the organisation using them is receiving special custom support.
However, in order to ensure as many systems as possible are protected against WannaCrypt ransomware and other attacks, Microsoft has made security patches for Windows XP and other operating systems broadly available to download.
“This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind,” the company told customers in a blog post.
Customers can now download security updates for Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, and Windows 8 x64.
Microsoft is continuing to work with customers to provide assistance as the situation evolves.
In response to the attacks against the UK’s National Health Service, Home Secretary Amber Rudd is set to chair an emergency Cobra crisis-committee meeting to coordinate a government response to the incident.
Meanwhile, the National Cyber Security Centre has issued a statement to say it is “working round the clock with UK and international partners and with private sector experts to lead the response to these cyber attacks”.
Ciaran Martin, CEO of the National Cyber Security Centre, said that in order to protect against this sort of attack, organisations should “make sure your security software patches are up to date” and “make sure that you are running proper anti-virus software”.