On 12 May 2017, an unnamed group of hackers launched a cyber-attack that infected more than 200,000 machines in 150 countries with a crypto-locker ransomware that acted as a trojan with worm-like characteristics once it was on a network. Most of the affected machines were running Windows XP, or a current Windows OS that had not been appropriately patched.
Windows XP is an unsupported version of Windows that no longer receives software updates from Windows Update. These updates, Microsoft declares, “include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software which can steal your personal information. Windows Update also installs the latest software updates to improve the reliability of Windows such as new drivers for your hardware”. Microsoft did release a patch for Windows XP on 13 May 2017.
Shadow Brokers, a hacker group that is active globally, was initially responsible for the dump of National Security Agency (NSA) hacking tools, including the Microsoft bug that allowed the unnamed group of hackers to launch this attack. They found ‘Eternal Blue’, a Microsoft Windows bug that the NSA was using to hack the SWIFT banking system of several banks around the world and that was fixed in March 2017 by Microsoft’s security bulletin MS17-010.
The unnamed group of hackers used this Windows vulnerability to plant the crypto-locker ransomware, in the manner of a trojan, on the networks of enterprises in over 150 countries, including Britain’s National Health Service, FedEx, Deutsche Bank, Renault, Telefonica and other big companies.