Yesterday another massive ransomware outbreak was found to be using the same Windows vulnerabilities that WannaCry used last month. Ukraine was hit hardest, but at the time of writing, businesses in a total of 65 countries were affected, including Russia, Germany, France, and the US.
While the malware had similarities to previous variants of the underlying ransomware Petya, the mechanisms used to spread this one led security researchers to refer to it as Petwrap or Petrwrap. Just as in the WannaCry outbreak last month, the exploit was used to infect unpatched Windows endpoints.
Earlier this month Microsoft again released updates for Windows XP, Windows 8, and Server 2003, all operating systems that are no longer supported, to address additional vulnerabilities that had already been patched for supported operating systems in March. The updates released over the past two months for Windows XP patched some of the most egregious vulnerabilities being actively exploited. However, it’s important to note that hundreds and possibly thousands of other vulnerabilities exist, are still unpatched, and very likely never will be patched. Microsoft ended support for Windows XP in April of 2014.
While it was later found that over 90% of affected endpoints in the WannaCry outbreak were actually running unpatched versions of Windows 7, keeping endpoints that run unsupported operating systems in use is very dangerous. Microsoft took unprecedented action over the past two months by releasing patches for Windows XP, but warned that this practice will not continue.
It’s important to note that no version of Windows 10 was affected by WannaCry.
Patching Windows and Flash Player, along with having up-to-date anti-virus installed on endpoints, are some of the easiest ways to help protect against this threat. However, businesses should start planning an upgrade to Windows 10 now. Windows XP, Vista, and 8 are no longer supported. Endpoints running Windows 8 should be updated to Windows 8.1 to continue to receive security updates. Windows 7, which is on the vast majority of endpoints, will no longer receive security updates beginning in January of 2020.