Computers that are still running Windows 7, even with the program's end of life enacted on January 14, are at significantly greater risk of ransomware attacks, warns Veritas Technologies. Experts estimate that 26% of PCs are still running Microsoft software after support ends.
The ransomware vulnerability of PCs running unsupported software was demonstrated by the WannaCry virus in 2017. Despite supported computers receiving cryptoworm fixes, Europol estimates that 200,000 devices in 150 countries running older, unsupported software have been infected. by WannaCry. And while only US$ 130K was paid in ransom, the business impact is understood to have reached billions of dollars due to lost productivity and data, as well as corrupted hardware.
Marcos Tadeu, Systems Engineering Manager at Veritas says, "WannaCry was a clear example of the dangers companies can face when they are using end-of-life software. As of January 2020, a quarter of all PCs have come to fall into this category, so it is vital that organizations that rely on Windows 7 are aware of the risks and what they need to mitigate them. This type of ransomware attack tends to have a disproportionate effect on organizations that can afford to pay less. for ransom, so much so that we saw high-profile attacks on public sector agencies in 2017. Therefore, it is critical that those running Windows 7 act now and plan to ensure they are protected. Organizations need to understand their data and ensure that information is being stored in the right place, where it can be protected and made available when needed."
Microsoft ended mainstream support for Windows 7 in 2015, giving users five years to prepare for the software's end-of-life. Companies still running Windows 7 need to prepare to avoid the impact that the ransomware vulnerability can have. And to help them overcome this challenge, Veritas has prepared five tips:
• Educate employees – the biggest risk is with data saved by employees in unprotected locations. Make sure users are following best practices so data is protected and consider running a simulation. Saving valuable data on centralized servers, data centers or in the cloud can help reduce risk.
• Assess risk by understanding your data – For businesses, insight software solutions can help identify where key data resides and ensure it complies with organization policies and industry regulations. This is critical not only for identifying challenges, but also for prioritizing the recovery process.
• Consider a software upgrade – this will not be practical for large companies in the time available, but could be part of a longer term strategy. For SMBs, the most sensible solution may be to simply upgrade to an operating system with ongoing support.
• Execute Patches – According to the Ponemon Institute, 60% of respondents who experienced data breaches had a patch available to prevent those breaches. Companies should at least ensure that they are as up-to-date as possible. Users will also be able to purchase "ESUs" from Microsoft to access patches while migrating to newer software.
• Ensure data is backed up – ransomware relies on the idea that paying a ransom will be the only and/or cheapest way to regain access to data, even if a search show that less than half of those who pay are able to recover them from cyber criminals. Veritas advocates the "3-2-1 rule", where data owners have three copies, two on different storage media and one offsite. With an offsite data backup solution, companies have the safest and most reliable option to simply restore them.
EN 
PT 
