Last week there was another ransomware attack based upon a variant of WannaCry, while this attack has reputably been used to cover the tracks of a targeted attack it highlights the same underlying problem facing victims of WannaCry. On affected computers, the WannaCry software encrypts files and displays a ransom message demanding $300 in bitcoin. It has attacked hundreds of thousands of computers from hospital systems in the U.K. and a telecom company in Spain to universities and large companies in Asia. The software is already inspiring imitators, as the Bleeping Computer site reports.
We’ve had news coverage, lessons learned and security companies all offering good advice on ways to protect your business and self. Microsoft president and chief legal officer, Brad Smith advised customers to update software including those still using Windows XP. The Financial Times wrote:
Many of those caught unaware were still running Windows XP, an ageing version dating back to 2001. It endured a dark period at that time, when it kept launching editions of Windows, including 98 and XP, which were filled with new features but lacked basic reliability and security… The remaining challenge is that Windows has a long tail — old versions stay on computers because it would either be too costly or too difficult to upgrade them. It is often the latter: companies run customised software that is not easy to make work with a newer Windows. There is always the temptation to let things remain as they are. Microsoft needs incentives for the 7 per cent of users still running XP to upgrade to a new version, and for everyone to remain current.
The Register reported that 90 percent of NHS trusts run at least one Windows XP device, an operating system Microsoft first introduced in 2001 and hasn’t supported since 2014. But it didn’t just stop there. According to data released by Kaspersky Lab, roughly 98 percent of the computers affected by the ransomware were running some version of Windows 7, with less than one in a thousand running Windows XP. 2008 R2 Server clients were also hit hard, making up just over 1 percent of infections. Windows 7 is still by far the most common version of Windows, running on roughly four times as many computers as Windows 10 worldwide.
A Fundamental Problem with Operating Systems
The challenge for many organisations – such as what’s facing the NHS – is that it’s not the upgrade to the new, and more secure operating systems that presents the major problem. It’s that there are critical applications, built over decades that run crucial services, that are tied to legacy operating systems and browsers. Wired wrote:
Many companies have a more practical excuse than just lethargy; they may rely on specialized legacy software that simply won’t work with newer Windows releases. That may include institutions like NHS, where the process of testing new or updated versions of critical software could disrupt patient care.
So when it comes to upgrading to the latest operating system, most assume or know they shouldn’t because it will break the app.
And unfortunately, this situation is not the exception, it’s the rule. There are computers all over the UK running critical apps on unsupported, legacy operating systems and they remain extremely vulnerable. Microsoft fortunately was prepared having released critical patches back in March, but what if it hadn’t?
The NHS already postponed many surgeries, had to revert back to paper-based systems and many doctors surgeries weren’t actually sure who had made appointments!
Don’t be Afraid to Upgrade to Any OS, at Anytime
It’s time we found a solution to our fears of breaking the app in order to better protect ourselves against cyber attacks like ransomware. There are many security technologies out there that play an important role. But part of the job of protecting an organisation is to maintain the latest, supported operating system that is patched – you MUST stay up to date with at least security patches.
But what to do with your line of business apps that are tied to legacy Windows? If you need to keep using these apps they become vulnerable. This is where Cloudhouse helps.
Cloudhouse's Containers enables your apps to run on supported environments, without making any changes to the application. Our mission is to help customers get their otherwise incompatible applications, to work on the latest versions of Citrix, Windows or IE. Cloudhouse gets you to the latest operating system and then enables you to stay current by ensuring your application works on the latest platforms so you can move your business off Windows XP, and start planning the move from Windows 7 which will leave Extended Support in Jan 2020.
Have a critical app that you’re struggling to deliver and deploy to the most recent, supported versions of Windows or Citrix, or to the cloud? Get a demo of Cloudhouse today. Not ready for a demo?