Microsoft releases urgent OS patch in wake of #WannaCry ransomware blitz
Microsoft XP received the new security patch three years after the computer giant discontinued support for the OS.
The patch release comes after a virus known as ‘WannaCry,’ ransomware which encrypts files and demands users pay for their release, infected more than 100,000 computers worldwide on Friday.
Malware Tech reports that approximately 124,000 computers have now been affected by the virus, with parts of the UK’s National Health Service, including patient records and other administrative data, debilitated by the sudden attack.
“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today [Friday], was painful,” a Microsoft statement read.
“We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.”
An investigation is currently underway to determine the source of the cyberattack. According to the European Cybercrime Centre, Europol is “working closely” with countries affected by the blitz to identify the culprits.
Earlier this year, Microsoft created a patch called MS17-010 to guard against the virus. But older, unsupported operating systems were not included in the update.
“WannaCrypt’s spreading mechanism is borrowed from well-known public SMB exploits, which armed this regular ransomware with worm-like functionalities, creating an entry vector in machines still unpatched even after the fix had become available,” Microsoft said.
Some analysts are suggesting by sinkholing the domain we stopped the infection? Can anyone confirm?— MalwareTech (@MalwareTechBlog) May 12, 2017
I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.— MalwareTech (@MalwareTechBlog) May 13, 2017
Elsewhere, a Twitter user posting under the name of @malwaretechblog is being hailed an unlikely hero after they registered a domain name referenced in the virus code. The domain registry acts as a kill switch in the code, halting the ransomware.
Darien Huss, a security research engineer who reportedly helped find the loophole, explained: “WannaCry propagation payload contains previously unregistered domain, execution fails now that domain has been sinkholed.”