Microsoft, which called out the NSA and other government agencies for their role in the creation and launch of WannaCry, may itself have been part of why the ransomware was able to cause so much chaos.
As the world attempts to recover from the damage caused by WannaCry, a new report claims that Microsoft could have helped prevent its spread, but decided not to do so.
Microsoft Holds Back On WannaCry Patch For Windows XP
According to a report by the Financial Times, Microsoft held back a free update that would have patched up the vulnerability that WannaCry used to compromise computers running on the old Windows XP operating system.
The report claims that Microsoft delayed the rollout of the patch because it initially wanted payments of up to $1,000 per Windows XP computer for "custom" support.
Microsoft has struggled to push users and corporations to upgrade from older versions of the Windows operating system to the latest and secure Windows 10, even if the company had already stopped the support for versions such as Windows XP. The significant number of users who have not yet upgraded to Windows 10 were highly vulnerable to WannaCry when it started its worldwide rampage last week.
Microsoft still continues to provide support for governments and organizations, but in exchange for hefty payments. While the company offers special deals for the first year, the high costs have forced entities such as the National Health Service of the United Kingdom to discontinue receiving support.
The National Health Service turned out to be one of the biggest victims of WannaCry, as it spread across 150 countries and infecting about 200,000 computers.
The Importance Of Installing Updates
Microsoft initially sent out the anti-WannaCry patch to Windows 10 users, but eventually agreed to also release the patch for Windows XP users on the day that the ransomware was detected. However, by then, the damage was already done.
It is easy to see Microsoft's fault of not relenting on its stance of payments required for custom support for Windows XP. The NSA, which kept the Windows exploit a secret to create its own hacking tools, shares the fault for not disclosing the vulnerabilities to Microsoft. A group known as the Shadow Brokers leaked the NSA's hacking tools last month, and a new group then used them to create WannaCry.
However, the victims of WannaCry may also blame themselves for remaining unprotected against the ransomware attack. Many users and corporations could have prevented having their systems locked by the ransomware by upgrading their operating systems and installing the necessary updates, instead of subscribing to the theory of "if it's not broke, don't fix it."
According to Microsoft, it prefers for users and enterprise customers to upgrade to Windows 10 instead of having to pay for support for older versions of the operating system. It can be argued that Microsoft should have released the patch to fix the vulnerability that WannaCry exploited in Windows XP, but perhaps it would have been better off if customers were not on Windows XP in the first place.