Microsoft held back a free WannaCry patch, report says – CNET

Why the WannaCry cyberattack is so bad, and so avoidable

A new wave of the ransomware spreads chaos around the world. Paying the ransom may not cure computers, which could have avoided infection by simply keeping Windows updated.

by Bridget Carey

Microsoft could have slowed the devastating spread of ransomware WannaCry to businesses, the Financial Times reports. Instead, it held back a free repair update on machines running older software like Windows XP.

Microsoft wanted hefty fees of up to $1,000 a year from businesses for “custom” support and protection against attacks like WannaCry, which locks your computer unless you pay the hackers in bitcoin, said the publication.

While Microsoft finally did make the patch available free of charge to Windows XP machines last Friday, damage had already been done. The company has since been trying to convince customers, business or otherwise, to switch to its newer and more secure Windows 10. Despite the lack of cover, plenty of Microsoft’s customers are still running older software that may still be vulnerable.

“Recognizing that for a variety of business reasons, companies sometimes choose not to upgrade even after 10 or 15 years, Microsoft offers custom support agreements as a stopgap measure,” said a Microsoft spokesperson in a statement to CNET.

“To be clear, Microsoft would prefer that companies upgrade and realize the full benefits of the latest version rather than choose custom support. Security experts agree that the best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations. Older systems, even if fully up-to-date, simply lack the latest protections.”

Initial WannaCry attacks were slowed by a security professional who found the ransomeware’s kill switch, but newer, more resistant versions have appeared. At last count, over 200,000 computers in over 150 countries had been hit with the ransomware.

Comments

Write a Reply or Comment:

Your email address will not be published.*