Ransom-ware Attack & Human Behavior

I can understand that bootleg copies of Windows were hit by the current ransom-ware attack. But I do not understand why hundreds (thousands?) of organizations and companies were also hit. Keeping software up to date is at the top of the list for protection against malware. So why are so many computers out of date? System administrators at these sites aren't stupid. Are they overworked? lazy? What the heck is gong on? Even hospitals were hit!!

Does anyone have an explanation for the human behavior behind not keeping systems up to date?

 

It had nothing to do with 'bootleg' software nor is it just about old Operating Systems - Windows 8 was also affected. Read this thread instead so you can see what it is about.
http://forums.majorgeeks.com/index.php?threads/ransomware-infections-reported-worldwide.316454/

 

Money. At my job, we have machines that were converted from mechanical switch to PLC many years ago. The software and drivers to interface with them is not compatible with any current OS beyond XP as they are obsolete and unsupported. As they still perform their function, the corporation has no intention to upgrade to newer and expensive currently supported hardware. I'm sure this is not an uncommon situation.

 

The place that i work for still uses windows 7.Which case i don't blame them.It's a lot easier to maintain than upgrading and spending millions on parts.

Hell just for me alone to sell a system i probably spend about 2 grand just to build a good computer to sell.

 

The following is a joke for your forum subject matter.....do not take it seriously.

For some reason the words "data decompile and audit....sputter.....corrupt file and data bit allocation in the boot sector....sputter....and o.s. partition/drive of the ransom-ware senders computer". Or find the ransomeware sender's computer.....sputter......sledgehammer......sputter....or....sputter......tape 20 lbs of rancid comp-b to it, light it on fire and throw it off of a cliff.

ROTFLMAO

 

The company I work for solved that issue by running the legacy/unsupported applications in a VM for everyone who needs to use them. Most of us are on Windows 7 for daily work, though the company is slowly shifting over to Windows 10.

The reason a lot of computers aren't up to date for large organisations is because they don't roll out any update until after it has been thoroughly tested and validated to make sure that every single internal and often proprietary application and tool across the entire company globally, works flawlessly with the update. they never do, and adjustments need to be made before the update can be deployed across the organisation.

Hospitals prefer trying to avoid scenarios like a Windows update introducing an unexpected backdoor into the patient database, or temporarily shutting down vital software needed for running the hospital's day to day operations.

"I'm sorry, but we can't rush your blood tests because the entire computer system is down right now. We should be able to get back the result of your pregnancy test sin about two months or so."

 

Proving once again that the human element (= stupid people who can't be trusted to know better no matter how many times you remind them) remain the single greatest security risk to any system.

 

This is exactly why Windows should not be used in this case. Use a long term OS, something secure and stable for decades.