May 19, 2017

Can I call "backsies" on that?

A couple of days ago, I was praising Microsoft for patching Windows XP to protect users of that old OS against the WannaCry ransomware that was spreading like wildfire through organizations like the NHS. I even said that it was better that they did it late, than that they not do it at all, and praised them for not exploiting the situation to shake down WinXP users for more money, or to push them to switch to Windows 10, either of which would have been more in keeping with their pattern of behaviour over the last couple of years.

Today, however, I'm taking all of that back. Because it turns out that Microsoft had the XP WannaCry patch ready to go months ago, held it back while they shook down their customers for more money, and only finally released it for free once the unpatched vulnerability started taking down hospitals.

From Tech Times:
Microsoft, which called out the NSA and other government agencies for their role in the creation and launch of WannaCry, may itself have been part of why the ransomware was able to cause so much chaos.
As the world attempts to recover from the damage caused by WannaCry, a new report claims that Microsoft could have helped prevent its spread, but decided not to do so.
According to a report by the Financial Times, Microsoft held back a free update that would have patched up the vulnerability that WannaCry used to compromise computers running on the old Windows XP operating system.
The report claims that Microsoft delayed the rollout of the patch because it initially wanted payments of up to $1,000 per Windows XP computer for "custom" support.
Microsoft has struggled to push users and corporations to upgrade from older versions of the Windows operating system to the latest and secure Windows 10, even if the company had already stopped the support for versions such as Windows XP. The significant number of users who have not yet upgraded to Windows 10 were highly vulnerable to WannaCry when it started its worldwide rampage last week.
Microsoft still continues to provide support for governments and organizations, but in exchange for hefty payments. While the company offers special deals for the first year, the high costs have forced entities such as the National Health Service of the United Kingdom to discontinue receiving support.
The National Health Service turned out to be one of the biggest victims of WannaCry, as it spread across 150 countries and infected about 200,000 computers.

That is so much bullshit, in one tidy package. The fact that Microsoft had the sheer gall to be complaining about spy agencies' stockpiling of these vulnerabilities, when they themselves were using the same vulnerabilities to shake the UK's hospital system down for an amount of cash that they damn well knew the NHS didn't have to spend, is reprehensible. Microsoft's blatant greed, and their wilful disregard for the consequences to innocent bystanders when their broken shit took down the UK's hospital system, all feels like something that should be actionable. If there isn't already a law against this, there should be.

Good job, Microsoft! You've managed to take the one halfway-decent thing you've done in the last two years, and turn it into bullshit. Of all the egregiously anti-consumer shit you've pulled in the last two years, this is literally the worst. Fuck you all.

And fuck the tech writers, too, who keep trying to blame the victims for having been victims here. And, yes, that includes Tech Times, who end their article with this chestnut:
However, the victims of WannaCry may also blame themselves for remaining unprotected against the ransomware attack. Many users and corporations could have prevented having their systems locked by the ransomware by upgrading their operating systems and installing the necessary updates, instead of subscribing to the theory of "if it's not broke, don't fix it."
According to Microsoft, it prefers for users and enterprise customers to upgrade to Windows 10 instead of having to pay for support for older versions of the operating system. It can be argued that Microsoft should have released the patch to fix the vulnerability that WannaCry exploited in Windows XP, but perhaps it would have been better off if customers were not on Windows XP in the first place.

There are reasons why the publicly-funded NHS hasn't replaced all of its fully-functional Windows XP machines with expensive new PCs, you dicks, and the hospital-specific software they're running may not even be compatible with newer versions of Windows. The fact that you'd even think to blame the victims for this, after it's been revealed that Microsoft actually tried to cash in on WannaCry by extorting money from the UK hospital system, is beyond the pale.

The NHS's patients (also victims of WannaCry) are not at fault, here, and the NHS certainly doesn't bear any weight of culpability comparable to that of the actors who exploited this vulnerability for financial gain. That burden falls entirely on two sets of shoulders: those of the black hats who shipped this ransomware in the first place, and those of Microsoft, who tried to exploit the occasion to squeeze some extra money out of the UK's fucking hospital system. Fuck anyone who says otherwise, and fuck Microsoft, too.

Fuck.