The simple reason so many companies were hit by the WannaCry 2.0 ransomware

A ransomware warning screen.
A ransomware warning screen.

It’s a lot harder for huge companies to update their computer systems. (image: Flickr/ Christiaan Colen)The WannaCry 2.0 ransomware is still crippling computer systems and networks around the world. The malware, which hit the web on Friday, has impacted everything from automakers to the U.K.’s National Health Service, by locking down their Windows PCs and demanding a ransom of $300 in bitcoins in return for the codes to unlock them.

So how did such large companies and public services fall victim to WannaCry 2.0? Well, contrary to popular opinion, it’s certainly not because they’re fools.

Updating isn’t so easy

The WannaCry ransomware is widely believed to use a vulnerability in Microsoft’s (MSFT) Windows operating system, which the National Security Agency knew about and kept secret. In April a group of hackers called The Shadow Brokers, said it stole the vulnerability along with a slew others from the agency, and posted them online.

The makers of WannaCry then used that vulnerability and weaponized it in the form of ransomware that spreads through computer systems like a worm, infecting more and more PCs as it moves.

Microsoft, however, released a patch for the vulnerability for most versions of Windows well before WannaCry hit the internet. A follow-up patch was released for its long-discontinued Windows XP after the software giant recognized the scale of the attack.

So, why didn’t every company and institution immediately update their systems? As McAfee CTO Steve Grobman explains, it takes more time for huge organizations to update their computers than it does for you or me.

“Some of the organizations that were negatively impacted by [WannaCry] have delayed releasing patches, because they were still performing compatibility tests, and were working through those before deploying the patch,” Grobman explained.

Organizations like hospitals, for example, run specialized software on top of Windows to do things like keep tabs on patients’ records and medications. So they can’t run the risk of installing a new Windows patch that may or may not be compatible with their own programs.

After all, if you see a Windows update is incompatible with one of your programs, the worst that happens is you have to wait a few days for a new update. A hospital or factory, on the other hand, could be out of commission for days.

“It’s not simply organizations not wanting to patch,” Grobman said. “Sometimes there are real risks of deploying a patch when there are compatibility issues in their environment.”

A perfect storm

According to Grobman, what makes the WannaCry 2.0 ransomware so dangerous is that it’s an almost perfect storm of vulnerabilities and implementations coming together. That makes it extremely contagious.