This is that time when all the Man vs Machine conspiracy theories begin to feel legitimate. Over the weekend, the world was hit by a massive cyber attack, which is believed to be the most dangerous ever. This ransomware program, called WannaCry or WannaCrypt or WannaCryptor, spread by taking advantage of a vulnerability in Windows XP that Microsoft released a security patch for in March. But computers and networks that didn’t update their systems remained at risk.
Now think about this. According to analytics company StatCounter, 5.26 percent of Windows PCs still run XP, an operating system Microsoft first introduced in 2001 and hasn’t supported since 2014. A similar analysis from Net Applications puts the total at just over 7 percent of all personal computers. No matter whose numbers you use, that still amounts to tens of millions of devices. And that’s before you count the absurd percentage of ATMs and other non-traditional systems stuck in the past.
“The number of ATMs left on Windows XP are higher than PCs as a percentage. Many more ATMs, probably higher than the 35 percent computers in banks and financial institutions that are still to be upgraded and these (ATMs) are not included in those 4 million computers,” Microsoft India GM Amrish Goyal said in 2014.
Further, among those most affected by these attacks was the UK’s National Health Services (NHS). A reported 90 percent of NHS trusts run at least one Windows XP device. The NHS has disputed the 90 percent figure, though not that a significant portion of its systems run Windows XP. It was only one example among the tens of thousands of computers impacted across nearly 100 countries yesterday. But its meltdown illustrates the deeper problems inherent in Windows XP’s prevalence three years after its official demise.
And this is where the problem is! Experts have been repeatedly pointing out that the best way to protect against the WannaCry ransomware is to patch everything, as soon as possible. But for Windows XP and other expired operating systems, the patches aren’t there in the first place. With very few exceptions, including an emergency patch after the first wave of WannaCry infections and expensive, specialized service contracts, Microsoft no longer provides any security support for the OS. And it’s only going to get worse!
The natural question here, given the absurd level of risk that comes with running Windows XP in 2017, is why on earth anyone would stick with it, much less millions of people and companies with so much to lose.
The problem is rooted in Windows XP’s initial popularity. Not only was it one of the first stable Windows versions, but the five-year gap between Windows XP and its unpopular successor, Windows Vista, also resulted in an uncommonly large install base. Now you can imagine what happened from there: business-wide operating system updates take time and money, which most organizations refrain from spending.
But despite all the money and resources lost around the world, maybe the silver lining in WannaCry is that it alerts companies large and small to just how enfeebling Windows XP can be.