I liked Windows XP and was disappointed when the local where I was employed at the time made the decision to migrate to a newer operating system. The reason for the move was security. But that was years ago; maybe five. It is surprising to me that an institution as august as Britain's National Health Service would still be running machines using XP.
It will be interesting to see if these newer iterations of the ransomware are security-patch proof. (I hate to say it, but I'm glad I took the time to install Windows 10 last year.)
A good overview of the global WannaCry malware attack is found in "Ransomware’s Aftershocks Feared as U.S. Warns of Complexity" by David Sanger, Sewell Chan and Mark Scott:
The source of the attack is a delicate issue for the United States because the vulnerability on which the malicious software is based was published by a group called the Shadow Brokers, which last summer began publishing cybertools developed by the National Security Agency.
Government investigators, while not publicly acknowledging that the computer code was developed by American intelligence agencies as part of the country’s growing arsenal of cyberweapons, say they are still investigating how the code got out. There are many theories, but increasingly it looks as though the initial breach came from an insider, perhaps a government contractor.
Copycat variants of the malicious software behind the attacks have begun to proliferate, according to experts who were on guard for new attacks. “We are in the second wave,” said Matthieu Suiche of Comae Technologies, a cybersecurity company based in the United Arab Emirates. “As expected, the attackers have released new variants of the malware. We can surely expect more.”
Monday could bring a wave of attacks to the United States, warned Caleb Barlow, the vice president of threat intelligence for IBM. “How the infections spread across Asia, then Europe overnight will be telling for businesses here in the United States,” he said.
The cyberattack has hit 200,000 computers in more than 150 countries, according to Rob Wainwright, the executive director of Europol, Europe’s police agency.
Among the organizations hit were FedEx in the United States, the Spanish telecom giant Telefónica, the French automaker Renault, universities in China, Germany’s federal railway system and Russia’s Interior Ministry. The most disruptive attacks infected Britain’s public health system, where surgeries had to be rescheduled and some patients were turned away from emergency rooms.
A 22-year-old British researcher who uses the Twitter name MalwareTech has been credited with inadvertently helping to stanch the spread of the assault by identifying the web domain for the hackers’ “kill switch” — a way of disabling the malware. Mr. Suiche of Comae Technologies said he had done the same for one of the new variants of malware to surface since the initial wave.
On Sunday, MalwareTech was one of many security experts warning that a less-vulnerable version of the malware is likely to be released. On Twitter, he urged users to immediately install a security patch for older versions of Microsoft’s Windows, including Windows XP. (The attack did not target Windows 10.)
In Britain, fallout continued Sunday. Two opposition parties, the Labour Party and the Liberal Democrats, asserted that the governing Conservative Party had not done enough to prevent the attack. With a general election June 8, officials have been racing to get ahead of the problem.
Britain’s defense minister, Michael Fallon, told the BBC on Sunday that the government was spending about 50 million pounds, about $64 million, to improve cybersecurity at the National Health Service, where many computers still run the outdated Windows XP software, which Microsoft had stopped supporting.