May 23, 2017
With the WannaCry virus affecting many, why are so many systems vulnerable?
The latest virus in the news is a piece of ransomware called WannaCry (or WannaCrypt or WannaCryptor) that encrypts your data and then displays a red ransom note demanding under $500 in Bitcoin. The virus takes advantage of a bug in Windows SMB (Server Message Block) that was discovered and patched over a month before the virus first appeared. When the virus first appeared on May 12, 2017, it was mostly limited to healthcare facilities in Europe, but it has since spread worldwide and to other industries.
There are several things that make this virus unusual. Microsoft’s Chief Legal Officer and President Brad Smith said that it was “drawn from the exploits stolen from the National Security Agency” (in other words, it’s the first virus to leverage the NSA secrets recently publicized through Wikileaks). The virus is serious enough that Microsoft has now released a Windows XP version of the patch, despite the fact that Microsoft stopped supporting Windows XP with new patches back in 2014.
Despite causing chaos worldwide (putting hospitals and some banks offline and affecting over 300,000 computers), many news sources have been quick to criticize the coding as primitive. The lack of easy payment tracking should make it hard for the saboteurs to determine the right unlock code. The requested payments are on the low side ($300-$400), with estimates of the total haul at around $100,000 (at press time). Payments are made in Bitcoin, whose blockchain leaves a historical ledger record that can be checked. Two different versions of the virus have had kill switches that stop the virus from spreading (though a kill switch does not undo damage that has already been done). Some of the code has been described as ineffective. IoT devices are also affected, many of which are incapable of applying the OS patch that prevents infection.
Fears are growing that copycat versions of the virus will correct the weaknesses I have just listed, demanding higher fees and being harder to stop (and the latest, called EternalRocks, has no kill switch and uses all 7 Windows SMB vulnerabilities, not just the 2 that WannaCry used). It has been noted that portions of the code are identical to portions of code by a group called the Lazarus Group, which has been linked with North Korea, and the news seems to continue pushing this angle. Keep in mind that code is often lifted from other sources, so this may not prove that Lazarus is the culprit. The 2014 hack into Sony Pictures also involved the use of a Windows SMB worm and targeted preventing the release of the anti-North Korean film “The
At the heart of this problem is less a computer problem and more a human problem: why are so many of us part of the anti-update culture? Why is this dangerous habit so persistent in the business computer world, where “here’s a free update that will make your computer safer against known threats” is so frequently ignored? Let me list some answers to this question.
Bad experience with Windows updates: You have probably rebooted your computer and seemingly waited forever for a Windows update to complete, with a giant eye roll as you realize you’re only on 3 of the large number of components needed. After much cursing, when you once again see a cursor (pun intended), you decide to change your options to prevent automatic updates in the future. “Ha, that’ll show ‘em,” you proudly tell yourself. Your desire to keep your computer time productive also keeps you from acknowledging the many “there are new updates available” messages you receive afterwards. Remember those “Ready to upgrade to Windows 10” pop-ups you used to see all the time? So annoying! Occasionally you cherry-pick through the updates list, weighing each feature and bug patch.
Windows update is off: Laundry list time! I just explained one reason why you might turn off your Windows Updates. Windows Update also has a tendency to hang completely on its own. Bootlegged copies of Windows don’t get patched by Microsoft updates, a problem that reportedly plagues most Windows users in China.
Ignorance is bliss / paranoia of change: Perhaps you know (or are) someone who avoids annual doctor checkups as a way of staying healthy, explaining that the real threat is picking something up in your doctor’s office. The IT equivalent is distrust of the problems that patches may introduce, and confidence that your luck will continue as long as you avoid change. Perhaps you believe that downloading anything makes you more vulnerable to being infected or tracked (after all, viruses tend to come from giving permission for things to execute and/or download), and have applied this belief to Windows updates.
Bigger is not always better: Whether you’re downloading an OS update for your smartphone or any other software update, the newer version always seems to be bigger and also tends to use more resources (more a mobile concern), and that doesn’t even include the potential for bloatware and ads that might accompany the update (more a computer concern). Your concern about your computer’s speed or storage capacity may make you block updating.
Red tape: This is the belief that all upgrades need to be approved after passing the test of time, which is why many companies continue with Windows 8 or earlier: they just are not ready to give Windows 10 their seal of approval. While Windows updates are different from Windows upgrades, this might still fall under “Nothing changes unless IT tells me it is OK.”
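As an added example (not from the original post), here is a read-only PowerShell check for the two conditions described above, SMBv1 still enabled and Windows Update switched off, plus how stale the last installed hotfix is. It assumes Windows 8.1 / Server 2012 R2 or later with PowerShell 5 in an elevated session; the 30-day threshold is a value I chose, not one from the post.

```powershell
# Added example, not part of the original post: a read-only posture check for the
# two conditions the post describes, SMBv1 still exposed and Windows Update switched
# off. Assumes Windows 8.1 / Server 2012 R2 or later with PowerShell 5, run elevated.
# The 30-day staleness threshold is a constructed value, chosen because the SMB
# patch had been available for over a month before WannaCry appeared.

$staleAfterDays = 30

# 1. Server-side SMBv1: the protocol the worm's exploit needs.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning 'SMBv1 is ENABLED. Disable with: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
} else {
    Write-Output 'SMBv1 is disabled.'
}

# 2. Windows Update service (wuauserv): disabled means no patches will arrive.
$wu = Get-Service -Name wuauserv
if ($wu.StartType -eq 'Disabled') {
    Write-Warning 'Windows Update service (wuauserv) is DISABLED.'
} else {
    Write-Output "Windows Update service: start type $($wu.StartType), status $($wu.Status)."
}

# 3. Most recent installed hotfix; some entries carry no InstalledOn date, so skip those.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if (-not $latest) {
    Write-Warning 'No dated hotfixes found; this host may never have been patched.'
} elseif ($latest.InstalledOn -lt (Get-Date).AddDays(-$staleAfterDays)) {
    Write-Warning ("Last hotfix {0} installed {1}: more than {2} days ago." -f $latest.HotFixID, $latest.InstalledOn.ToShortDateString(), $staleAfterDays)
} else {
    Write-Output ("Last hotfix {0} installed {1}." -f $latest.HotFixID, $latest.InstalledOn.ToShortDateString())
}
```

Nothing in the script changes configuration; the one remediation command is printed as text for the administrator to run deliberately.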
Historically, the only way to get people to alter habits is for them to realize that change is in their best interest. In the U.S., vehicular fatality statistics were not enough to convince people to buckle up; fines and crash test dummy TV ads increased compliance over time. Perhaps WannaCry will cause people to change their habits about automated updates, now that the rationale is more visible and copycat and next-generation viruses are surely on the horizon. As they say in earthquake-prone zones and Tornado Alley, we hope that you will be safe before the next one hits.