Microsoft held back a free WannaCry patch, report says

The repair would have slowed down the ransomware, but customers running older software were charged for protection.

Aloysius Low Senior Editor

Microsoft could have slowed the devastating spread of ransomware WannaCry to businesses, the Financial Times reports. Instead, it held back a free repair update on machines running older software like Windows XP.

Microsoft wanted hefty fees of up to $1,000 a year from businesses for "custom" support and protection against attacks like WannaCry, which locks your computer unless you pay the hackers in bitcoin, said the publication.

While Microsoft finally did make the patch available free of charge to Windows XP machines last Friday, damage had already been done. The company has since been trying to convince customers, business or otherwise, to switch to its newer and more secure Windows 10. Despite the lack of cover, plenty of Microsoft's customers are still running older software that may still be vulnerable.

"Recognizing that for a variety of business reasons, companies sometimes choose not to upgrade even after 10 or 15 years, Microsoft offers custom support agreements as a stopgap measure," said a Microsoft spokesperson in a statement to CNET.

"To be clear, Microsoft would prefer that companies upgrade and realize the full benefits of the latest version rather than choose custom support. Security experts agree that the best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations. Older systems, even if fully up-to-date, simply lack the latest protections."

Initial WannaCry attacks were slowed by a security professional who found the ransomware's kill switch, but newer, more resistant versions have appeared. At last count, over 200,000 computers in over 150 countries had been hit with the ransomware.