Britain’s National Health Service
Following the global cyber/ransomware attack this week, it transpires that the UK’s National Health Service (NHS) is still using Windows XP on a reported 90% of its systems, even though XP has not officially been supported by Microsoft since April 2014. Apparently the NHS entered into an agreement with Microsoft for a security support extension until April 2015, but this was evidently not renewed. The ransomware, known as Wanna Decryptor or WannaCry has caused chaos across the NHS and was identified earlier this year. It could possibly have been stopped from infecting NHS computers in March this year when a patch was issued by Microsoft, but unfortunately the fix could not be installed on ageing operating systems and those machines will have been left vulnerable to this attack.
Infected computers show a message demanding a $300 ransom which, if not paid to a Bitcoin wallet will be doubled in three days.
You only have three days to submit the payment. After that the price will be doubled. Also if you don’t pay in seven days, you won’t be able to recover your files forever
According to some reports from as far back as January 2014, the NHS, HMRC (Inland Revenue) and other government departments were asked under the Freedom of Information Act, to explain their plans for migrating to newer operating systems, but since Microsoft’s support fees per PC were so high (not surprisingly), many departments apparently decided to remain ‘naked’ after the cut-off date and stay with XP. In my opinion, this is a staggeringly irresponsible neglect of duty, especially with such life-critical data at stake. Here are some figures that highlight the black hole left by the XP fiasco:
As of January 2014 there were just over 1 million desktops and laptops in the England NHS running Windows XP using Internet Explorer 6, 7 or 8 and apparently no central database exists to track migration as each unit or trust operates as a distinct unit. 90% of England’s NHS trusts still rely on Windows XP with only 29% saying they would upgrade ‘sometime in 2017’.
Experts say the virus, called Wanna Decryptor, exploits a vulnerability in Microsoft Windows software that was first identified by American spies at the NSA.
I’m not entirely surprised by these revelations and, in fact, only the other day I had to complete some tedious paperwork at a local authority here in Buenos Aires only to find that, not only was the operative using a non-optical PS2 ball mouse, but her operating system was Windows XP. I know this because she couldn’t navigate around her screen properly, prompting me to grab her mouse, extract the ball, clean it and hand it back to her. I was a little taken aback since the town hall had just undertaken a massive refurbishment costing millions, with apparently crucial operating systems not being of the highest priority, so the British NHS is not alone in this respect.
I also spotted Windows XP on a screen in a 2015 BBC report on the construction of HMS Queen Elizabeth, the new aircraft carrier for the Royal Navy. It’s entirely possible of course that the Bliss wallpaper belongs to a sub-contractor, but you have to wonder what it’s doing in a state of the art warship for the Royal Navy in the first place.
Perhaps it’s time the UK government stepped in with emergency funding so that each and every NHS trust is able to upgrade their ageing operating systems so that an an attack on this scale can be prevented from happening again. But maybe that’s just wishful thinking on my part and in my naiveté, I may have forgotten that steps such as that are usually entirely political and fall way back in the queue behind expensive equipment to generate money from speeding motorists and think-tanks to discuss the relative benefits of one-way systems, mini roundabouts and the decor to be chosen for the mayor’s new office.
With a general election coming up in the UK next month, a cynic might suggest that this would be an ideal time to place this matter into a political party manifesto and exploit this opportunity for political gain, but what do I know?
Breaking News – Microsoft Takes Unusual Step And Issues Fix For Windows XP
Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. ~ Phillip Misner, Principal Security Group Manager Microsoft Security Response Center
Microsoft has just issued a communiqué stating that it has issued a fix for versions of Windows that are in custom support only, which covers Windows XP, Windows 8, and Windows Server 2003. Read the full statement here.
More Breaking News
The BBC reports that a young security blogger tells of how he ‘accidentally’ halted the ransomware whilst analysing the code behind the malicious software. Read the full report here.