The big tech story of the past week is WannaCry, which hit last Friday and infected more than 300,000 computers to date with its sickly red screen of ransom.
Infected PCs share two traits: files are encrypted by the malware rending the computers useless until a ransom is paid in Bitcoin, and the computers infected are all running Microsoft Corporation’s (NASDAQ:MSFT) Windows operating system.
The combination has led to considerable anger directed toward MSFT, but the blame is misplaced.
WannaCry Wreaks Havoc
The WannaCry ransomware hit starting on Friday, locking up computers in Europe before beginning to spread globally. Only a lucky break and some sloppy code on the part of the criminals prevented WannaCry from spreading further. But by the time the worst of the attack was over, some 300,000 computers had been affected in 150 countries.
Included in the toll were high-profile targets, including dozens of U.K. hospitals. And while the attack proved minimal stateside, FedEx Corporation (NYSE:FDX) was among those that were infected.
When a computer is hit by WannaCry, its files are encrypted. To regain access, victims have to pay a Bitcoin ransom in the $300 range, then wait for the decryption key to be sent. It soon became evident that WannaCry was able to spread so quickly because it exploited a Microsoft Windows vulnerability. But that’s where things get a little complicated.
That exploit was among those that turned up in a dump from the National Security Administration (NSA). You probably remember the headlines from earlier this year, as WikiLeaks revealed numerous hacking tools employed by the CIA. Same idea: Government agencies look for ways into computers, the exploits are stolen by criminal elements and end up in the wild as malware. In this case: WannaCry.
Placing the Blame on Microsoft
Microsoft learned of the exploit and released a security update to address it on March 14. The problem is that older Windows systems that are no longer supported — notably Windows XP — were not patched. What’s more, some users had turned off Windows Update on new systems, so they never received the patch.
The company quickly released a security update for Windows XP and older systems, despite the fact that they are no longer officially supported. But it didn’t take long for the world to plant a collective finger squarely in Microsoft’s chest.