Webster in The Oldie

Contact Webster...

Newsletter - sign up here

Ask Webster

Search Webster

Webster's pieces from The Oldie

Webster's Webwatch

Lock your doors against ransomware

Summer 2017

I hope you weren’t affected by the “ransomware” attack on the NHS computers in May (a possibility I mentioned in 2014, if you will permit a brief gloat), but now the dust has settled, who was to blame? I think that the American National Security Agency (NSA) has a lot to answer for; I’ll explain.

Ransomware is usually invited into a computer by clicking a link in an apparently innocuous email. That infects one computer; however, this attack differed from most by taking advantage of a flaw in an obsolete operating system, Windows XP, to infect all the other machines on the same network; throughout a hospital, perhaps.

Such flaws are akin to an unlocked door through which criminals can sneak. All software has such flaws, but as they are noticed, they are mended, or “patched”, in the jargon. That’s what’s happening when your computer updates itself.

Windows XP was installed on millions of computers before 2010 and had just such an unlocked door. However, as Microsoft stopped updating XP in 2014, it was never patched. Unfortunately, despite Microsoft giving over seven years notice that XP would become obsolete in 2014, many computers in the NHS still use it.

This is where it gets murky. When most computer experts spot a security flaw, they tell Microsoft privately, who thank them, often pay them and fix the problem. In this case, it was the NSA that found the unlocked door, but they kept it to themselves. They even developed a software tool (called Eternal Blue) to exploit the unlocked door, presumably for security related purposes.

Then disaster struck; the NSA computers were broken into by a gang of hackers called The Shadow Brokers; they stole much, including Eternal Blue. The cat was now out of the bag. Microsoft heard about it and in March they patched the problem for their current software but not for the deceased Windows XP.

In April, The Shadow Brokers made Eternal Blue public, and inevitably the crooks behind the NHS ransomware attack spotted its possibilities. They built Eternal Blue into their ransomware, which meant that once inside any network, it could worm into any connected computer that uses Windows XP. No one had to do anything; no more clicking on infected emails required.

Microsoft, to its credit, immediately issued a patch for Windows XP, even though XP is pushing up the daisies.

So, back to who is to blame for this massive inconvenience. I suppose that Microsoft share a little blame for not spotting the weakness themselves ages ago, but when they did know about it they patched it quickly, and anyone with a modern operating system was unaffected.

In my view, the NSA is much more liable. Keeping mum about what they found for security purposes is one thing, but allowing it to be stolen is inexcusable.

They share the blame equally with any organisation (like the NHS) that has been knowingly using out of date, vulnerable software and hence taking a huge risk with their data; they have no right to complain at all.

I like an analogy used by Dr Michael Pound, a computer expert from Nottingham University. He said that grumbling about the attack is like having an accident in a car from the 1940s and complaining that the airbag didn’t inflate. There is no airbag to protect you in a 1940s car, and unless you go to a garage and have one fitted, or replace the car with more modern one, there never will be.

So, if you still use XP: take heed. If you escaped this time, don’t be surprised if you get hurt next time. It has no airbag.

How to tell if you are at risk

First, find out what operating system you are using. The simplest way is to click here: whatsmyos.com and it will tell you at the top of the page.

If you are using Windows 7 (with Service Pack 1), 8.1 or 10, provided they are up to date you are as safe as you can be. To make sure you are up to date, you need to run "Windows Update". In mpost cases this will happen automatically, but if you want to double check, press the Start button, then Settings > Update & security > Windows Update
If you are using any other Operating Syatem - such as XP, Vista, Windows 7 Home Basic and Windows 8, then you are at risk. If you run Windows Update, you may receive the special patch that Microsoft issued as a service to (mainly) the NHS and other large organisations that still run obselet computers.

Sadly, however, the safest course of all is to buy an up to date computer - or disconnect from the Internet.

All content on www.webstersblog.co.uk is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.