WannaCry Wallops Russian Post, Highlighting The Risk Of Legacy IT

WannaCry ransomware has claimed yet another victim, this time the Russian postal service, further exposing lapses in cyber security across the globe.

Three employees of the service tipped off the ransomware attack to Reuters, noting that the post office;s automated queue management system has been compromised due to touchscreen terminals running outdated Windows XP operating systems getting infected by the worm.

The infection is a solid indication that there are many major organisations still running legacy software behind some of their critical systems that simply cannot cope with the cyber security challenges of today’s IT climate.

Post office problems

Reuters reported that a spokesman for Russian Post, a state-owned monopoly postal service, said that the touchscreens were not infected but have simply been shut-off as a precaution.

“The virus attack did not touch Russian Post, all systems are working and stable,” the spokesman told the news agency.

However, a worker from a Moscow branch of the post service painted a different picture: “The head guys rang on Thursday and said we had to turn off the terminals immediately. They said this extortion virus had infected them,”

“They rang again yesterday and said we could turn them back on. We did that, but you can see they still don’t work,” he told Reuters.

Regardless of Russian Post’s denial that it has been infected with the WannaCry malware, many Russian organisations appear to be vulnerable to the malicious worm due to a reliance on outdated IT systems.

Russian mobile operator MegaFon and state rail monopoly Russian Railways, along with the Interior Ministry, all reported infections as a result of the spread of WannaCry, with the Russian central bank also reporting that some of its branches have been infected.

The rampant spread of WannaCry highlights the challenged enterprises face in keeping all but their critical systems up-to-date; upgrading to new Windows licenses en-mass can be prohibitively expense for some IT teams with limited budgets.

But with the trouble and disruption WannaCry wreaked on NHS hospitals, there is a strong argument that some organisations have to bit the bullet and fork out for new systems and software if they wish to avoid trouble further down the line.

Quiz: The triumph and the tragedy of public sector IT