Your System – Not Guilty As Charged

Just another weblog

Could the world have minimized the ransomware attack on XP?

Posted by Joel Schipper on May 14, 2017

The malware ‘ransomware’ attack that hit the world on Friday, and may continue in a new form tomorrow (Monday May 15, 2017) is not preventable, but the damage might have been a lot less if those in charge of institutional computer networks did their jobs properly.

This malware, which was reportedly stolen from the U.S. National Security Administration, attacks a vulnerability in the no longer supported Microsoft XP operating system (O/S).  Even though Microsoft offers a patch for the vulnerability, Microsoft has little or no ability to promote that patch to continuing users of an unsupported O/S, and certainly not to the zillions of pirated copies of the XP O/S.

Thus, if you are CIO (Chief Information Officer) or other official in charge of institutional computers, what in the heck are you doing running the XP O/S, and most especially what are you thinking in not doing everything possible to protect it while moving at full speed to get off of it?

Here’s what the New York Times reported today (May 14, 2017) about the lack of proactive protection despite warnings in Britain’s National Health Service (N.H.S.):

Britain’s defense minister, Michael Fallon, told the BBC on Sunday that the government was spending about 50 million pounds, about $64 million, to improve cybersecurity at the National Health Service, where many computers still run the outdated Windows XP software, which Microsoft had stopped supporting.

A government regulator warned [my emphasis] the N.H.S. last July that updating antiquated hardware and software was “a matter of urgency,” and noted that one hospital had already had to pay £700,000, about $900,000, to repair a breach that began after an employee clicked on a web link in an unsafe email.

“The threat from cyber attacks has not only put patient information at risk of loss or compromise but also jeopardizes access to critical patient record systems by clinicians,” the regulator, the Care Quality Commission, wrote in its report.

There should be consequences to those in charge of these institutional computers.  This should have been a less destructive incident – especially since the attack did not go against the Windows 10 O/S which has been on the market for almost 2 years.  I think this should have been “Your System:  Not Guilty as Charged.”


3 Responses to “Could the world have minimized the ransomware attack on XP?”

  1. Very helpful guidelines on dealing with Ransomware, courtesy of the IT Team at PCB APPS …

    Over 60,000 companies in more than 100 countries have become victims of this global ransomware malware attack. Here is how ransomware works and some possible solutions.

    ‘RANSOMWARE’ is a type of malware which gets into your computer and locks down all the files. Afterwards it demands money from you in order to get access to the locked files. The recent ransomware is smarter than ever. It not only locks down the files but also encrypts them, which makes it really impossible to crack open the locked files. As a result the users do not have any other way to regain access to their locked files but to pay the money in bitcoin and get the decryption code.

    How does it get into your computer?

    The easiest way to get into someone’s computer is through attachments in spam emails or by following an unknown link. The extensions of these files are different from those of conventional files. Usually users have file extensions turned off, so they cannot tell what kind of file they are clicking on. The virus file pretends to be a doc file or some other text file. But if you turn on file extensions on your computer you will see that the extensions are different. As soon as you click on the file all your data starts being encrypted, and eventually you are asked for a ransom.

    These are possible real extensions of ransomware files: .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .crypto, _crypt, .crinf, .r5a, .XRNT, .XTBL, .crypt, .R16M01D05, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, .encryptedRSA, .crjoker, .EnCiPhErEd, .LeChiffre, .keybtc@inbox_com, .0x0, .bleep, .1999, .vault, .HA3, .toxcrypt, .magic, .SUPERCRYPT, .CTBL, .CTB2, .locky, or a 6-7 character extension consisting of random characters.

    The recent ransomware which is causing mass loss is known as #WannaCry. It asks you to open a JavaScript file in your email in the (.js) format. So it is now recommended not to open any unknown attachments sent through emails.

    How to recover a ransomware infected computer?

    For now there is no way to open the encrypted files. You have to pay through bitcoins in order to get the decryption code.

    Please be very vigilant and run through the following checks before replying to an e-mail, clicking on a link or opening an attachment. Take these safety measures:

    – Scrutinize the sender id by clicking on ‘Show Details’ in Outlook/Gmail mail: Even if the sender’s name seems fine, check if the e-mail address is correct.

    – Look out for obscure mail subject lines that do not concern you or your project and prompt you to open an attachment, e.g. scan_234234, PDF12345, URGENT_21.

    – Take time to read the e-mail: Despite noticing a sense of urgency expressed in the subject line, try to recollect if you had received any previous e-mails on this subject.

    – Check sender id before replying: Confirm the sender e-mail id and domain before replying to an e-mail.

    – Note suspicious attachments or links: Be wary of suspicious attachments that you aren’t expecting or URLs in the e-mail.

    – Do you suspect that your machine could be infected? Please physically disconnect the network cable or turn off the WiFi and immediately contact IT experts by phone call.

    – If you are a laptop user or mobile user, avoid using public WiFi networks that do not require a password, such as free airport WiFi.

    – Keep your Operating System up to date.

    – Keep your Anti-Virus up to date.

    – Create backups of the most important files either on a secured hard drive or in secured cloud storage.

    – Do not open any email attachments from unknown senders.

    – Be careful when opening and downloading from any unknown third party websites.

    In the event that you do receive such a suspicious e-mail, please report it by using the ‘Report Spam’ feature in the e-mail client for further investigation.

    • Today (May 15) the CIO Journal column in the Wall Street Journal makes the point that this may be a “teachable” moment … here’s the column.

      The Morning Download: Global Cyberattacks Put Pressure on CISOs, CIOs
      By Steve Rosenbush
      Good morning. The global cyberattack that erupted on Friday inevitably has put intense pressure on CIOs and CISOs, who are widely responsible for keeping corporate software up to date. The fact that many organizations didn’t keep their software up to date by implementing a Microsoft Corp. patch issued in March made organizations more vulnerable to attack. A researcher in the UK triggered a so-called kill switch that slowed the virus but experts warn that it isn’t entirely dead and that it is likely to keep spreading. (For the latest, see here and here.)

      In the event of a crisis, leaders may search for that one throat to choke. One security expert warns that it might be a mistake to start firing such professionals, following a breach. “There are many IT administrators and even CIOs that are concerned that they’re going to lose their jobs for not patching Windows XP, 8, or even still running those OSs. I think there’s a non-intuitive teachable moment here: organizations should not act out the old adage that the CISO’s primary job is to get fired when something goes wrong, in this case,” writes Shuman Ghosemajumder, a Google click-fraud security veteran who is now CTO of Shape Security. “The attack is so widespread that it is an industry-wide wakeup call,” he says.

      The attack has been a teachable moment, and now is the time to make the most of those who have benefited from its experience, Mr. Ghosemajumder maintains. “In the context of both security and privacy, I’ve learned that people only learn to be sufficiently paranoid when they have had a bad personal experience. For example, people don’t start taking identity theft seriously until they’ve been the victim of it,” he argues in an email to CIO Journal. “What you have right now is thousands of IT administrators and CIOs that are having one of the worst days of their lives. If you keep them in their job, you are going to have someone who will absolutely learn all of the necessary best practices to avoid something like this in the future.”

  2. A good graphic of ransomware from the CIO Journal column:
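The checks in the first response (hidden double extensions, its list of ransomware extensions, generic subject lines such as scan_234234, and verifying the sender address behind the display name) written up as a small mail-triage routine. This is an added example, not code from the post or from the PCB APPS team; the executable and document extension sets, the organisation domain acme.example and the sample messages in the comments are assumptions.

```python
import re
from email.utils import parseaddr
from pathlib import PurePosixPath

RANSOM_EXTS = {  # the extensions listed in the first response, lower-cased
    ".ecc", ".ezz", ".exx", ".zzz", ".xyz", ".aaa", ".abc", ".ccc", ".vvv", ".xxx", ".ttt",
    ".micro", ".crypto", ".crinf", ".r5a", ".xrnt", ".xtbl", ".crypt", ".pzdc", ".good", ".rdm",
    ".rrk", ".encryptedrsa", ".crjoker", ".enciphered", ".lechiffre", ".0x0", ".bleep", ".1999",
    ".vault", ".ha3", ".toxcrypt", ".magic", ".supercrypt", ".ctbl", ".ctb2", ".locky",
}
# Assumed sets: attachment types that run code when double-clicked (the response singles out
# .js) and the document-looking extensions a lure hides behind when extensions are turned off.
EXEC_EXTS = {".js", ".jse", ".vbs", ".wsf", ".exe", ".scr", ".hta", ".bat", ".cmd"}
DOC_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# Subject lines of the kind the response cites: scan_234234, PDF12345, URGENT_21.
LURE_SUBJECT = re.compile(r"^(?:scan|pdf|urgent)[_-]?\d{2,}$", re.IGNORECASE)

def attachment_findings(filename: str) -> list[str]:
    """Reasons an attachment name looks like a lure or an already-encrypted file."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes:
        return []
    last, findings = suffixes[-1], []
    if last in EXEC_EXTS:
        findings.append(f"executable attachment type {last}")
    # "report.doc.js": with extensions hidden the user sees "report.doc" and double-clicks it.
    if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS and last not in DOC_EXTS:
        findings.append(f"double extension: shown as {suffixes[-2]}, really {last}")
    if last in RANSOM_EXTS:
        findings.append(f"known ransomware extension {last}")
    return findings

def sender_mismatch(from_header: str, own_domain: str) -> bool:
    """The 'Show Details' check: display name claims the organisation, address is elsewhere."""
    name, addr = parseaddr(from_header)
    org = own_domain.split(".")[0].lower()  # "acme" for the assumed domain "acme.example"
    return org in name.lower() and addr.rpartition("@")[2].lower() != own_domain.lower()

def triage(subject: str, from_header: str, attachments: list[str], own_domain: str) -> list[str]:
    """Run all of the checks on one message and return every finding (empty = nothing seen)."""
    findings = []
    if LURE_SUBJECT.match(subject.strip()):
        findings.append(f"generic lure subject {subject!r}")
    if sender_mismatch(from_header, own_domain):
        findings.append(f"sender address does not belong to {own_domain}")
    for name in attachments:
        findings += [f"{name}: {f}" for f in attachment_findings(name)]
    return findings
```

A sample constructed message such as subject `URGENT_21` from `Acme IT Support <helpdesk@acme-mail.net>` with attachment `scan_234234.doc.js` yields four findings, while an ordinary internal mail with a `.pdf` attachment yields none.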
