Hundreds of thousands of new malware strains hit the world every day—almost 400,000, according to independent antivirus testing laboratory AV-TEST. For the most part, the world absorbs them with relatively little impact, but every few years, a strain comes along that sweeps computers worldwide. In May of last year, the WannaCry ransomware became one of the most infamous strains to rapidly devastate computers globally.
WannaCry was some seriously nasty ransomware that took control of victims’ computers, encrypting files and asking for around CAD$300 in bitcoin cryptocurrency payments to unlock them. Starting in Europe on May 12, 2017, it infected more 200,000 computers in more than 150 countries. WannaCry took down computers at 48 National Health trusts in the UK’s National Health Service, stopping clinicians from accessing patient records and forcing them to cancel operations. It infected computers at companies ranging from FedEx to Spanish electrical utility Iberdrola, with European police agency Europol summing up the attack with one word: unprecedented.
When WannaCry blew into town
Usually, people become malware victims because they’ve clicked on an infected email attachment or visited a bad web link that ran malicious code. WannaCry, however, spread so easily because it didn’t need human help to find and infect new machines. Instead, it used an exploit called EternalBlue stolen from the US National Security Agency by the ShadowBrokers—an anonymous group of hackers that published the exploit online in April 2017. WannaCry wormed its way into a vulnerability in Server Message Block (SMB), a Microsoft protocol that lets computers send files to each other. This flaw let one computer infect another—and all it had to do was send a message.
When WannaCry infects your machine, it searches for other machines on your local network to infect. While it’s doing that, it’s also looking for a random address on the broader internet to infect anything there, too. The sad part? Most of the infections could’ve been prevented. By the time the hackers combined the exploit with ransomware and released it into the world, a patch had already been available for most Windows systems for almost two months.
Although Microsoft lists Windows 10 as affected by the SMB flaw in its patch page, if your team was using its latest build, you were immune from the ransomware. Windows 10’s built-in security technologies helped protect users against the attack, but, unfortunately, Windows 10 users are still in the minority. According to StatCounter, which measures operating system share around the world, Windows 7 was still the most popular client-side version of the operating system when the ransomware hit. All in all, only 36 percent of Windows users were actually protected from WannaCry.
So, why are users still stuck on their older software? A proportion of those older versions populate devices ranging from ATMs to ticketing kiosks—all of which are updated relatively infrequently. While tech-savvy consumers may crave the latest hardware and software, businesses like to sweat their assets, and many of them will hold onto their computers for dear life to avoid spending some serious money.
Rethinking support with Device as a Service
If you want to get ahead of the game, switch from a capital cost to an operating cost model for your client-side hardware. We all know that hardware refresh cycles are pretty painful. Not only do you have to dispose of your existing laptop and desktop computers, but you’ll probably max out your budget on new equipment and operating system licenses. When you switch to an operating cost model, you’ll lease the PCs and join a support contract designed to keep them running smoothly and securely. Device as a Service packages it all into a customizable service and support package, and you can choose the features built into your contract, like remote monitoring for performance tuning and hardware failure prediction. And maybe the best of all: When your machines are refreshed, they can be disposed of securely.
If your company is interested in choosing a service like this, your IT team will need to weigh the per-seat cost of the contract against the costs of buying a computer outright and supporting your fleet. Different vendors offer variations on this theme, with one Device as a Service initiative wrapping it all up with services ranging from device imaging and configuration to shipment and installation to cut down on your own team’s efforts and save you time.
No one can guarantee immunity against attacks that haven’t even happened yet. But if you use the latest operating systems and applications and patch them quickly, you’ll increase your chances of avoiding these attacks. Moving to a device as a service model lets IT teams offload the financial and time-consuming administrative burden of patching and upgrading operating systems. As attackers become more innovative, our best defence is staying up-to-date.