Is The ATM WannaCry’s Next Target?
The WannaCry ransomware recently dropped onto the scene, and in so doing, did more than its share of damage. It hit hospitals, airlines, and a host of other businesses from there, and did particular damage to those running older versions of Windows.
That’s led some to wonder if perhaps the next big target of WannaCry, or just a WannaCry-style ransomware system, might be the automated teller machine (ATM) market.
It’s an easy supposition to make; when Microsoft first announced that Windows XP was losing support in favor of Windows 7, banks weren’t exactly quick on the draw to bring the operating systems up to speed thanks to a combination of costs and time required.
Since ATMs are designed to be operated unattended, there’s a lot more testing that goes into such machines, which means operating system upgrades aren’t as simple as they would be on a PC.
While most ATMs to this day run on Windows 7, there are still a substantial number running Windows XP, particularly for smaller institutions that may only have between one and three ATMs currently in operation.
Upgrades to Windows 10, which would help harden such systems, are unlikely as ATM manufacturers are only just now offering Windows 10 upgrades. This is almost two years after the operating system was released.
Though some don’t necessarily believe that ATMs are specifically more vulnerable than other computers, the plain and simple is that ATMs are often running much older operating systems—in some cases two generations behind—and therefore don’t benefit from the protective measures that have been established in that time.
It’s like allowing a modern-day criminal access to time travel capabilities going back about 10 years or so, to when systems like Windows 7 were top of the line and Windows XP was commonly in use everywhere else.
Granted, this is only potential disaster. Finding some of those smaller institutions’ ATM locations might be tougher for most crooks than they’d care to engage in, even with their lesser-protected nature. At the same time, this is a threat that can’t go ignored; there’s just too much at risk