Hospitals, automotive manufacturers and regular consumers have fallen prey to the largest ransomware attack in internet history as hackers exploit a known vulnerability in Microsoft’s operating system.
Sounds dire. But the Microsoft brand is likely to emerge without significant damage, partly because cyber attacks have become commonplace even if the scale has grown. It’s unlikely that the incident will drive institutions and consumers from Microsoft toward Apple products, even in spite their reputation for being immune to such outbreaks.
“I don’t believe the Apple-Microsoft debate is about security,” said Sean Pike, program VP in the security products group at IDC, a tech industry research provider. “If Apple or any other operating system became the predominant system, I’m positive that more attacks would target vulnerabilities specific to that operating system.”
Apple’s share of new worldwide PC shipments has grown to about 7% last year from 5% in 2012, according to the latest figures from IDC. Microsoft, in contrast, controlled 90% of the PC market.
“Everyone is a bit numb to attacks because they hear so much about them now and Microsoft benefits from that,” Pike added. “When something happens, the finger gets pointed at the attacker, not at Microsoft. It also help that Microsoft had already deployed a patch capable of stopping this attack.”
The attackers are demanding payment to let users back into an estimated 230,000 computer systems in more than 150 countries, systems seized using an exploit uncovered by the National Security Agency and made public last month by hackers. Brands like Nissan and FedEx have said they’ve been affected. It’s unclear whether other major marketers were hit.
Microsoft released a patch to address the issue in March, but many users have yet to update their systems.
While the attack has dominated headlines for several days, Microsoft itself has said relatively little about it. It doesn’t mention it on its website or Facebook page, where consumers might presumably look for guidance or notice a warning. It has, however, retweeted a blog post by Brad Smith, president and chief legal officer at Microsoft, who directs much of the blame toward the U.S. government, arguing that it should have alerted the $524 billion tech titan about the problem.
In an emailed statement, Microsoft said those that are running its free antivirus software or have Windows Update enabled are protected. “Given the potential impact to customers and their businesses, we have also released updates for Windows XP, Windows 8, and Windows Server 2003,” it said.
Brandwatch, a social media monitoring company, said mentions of “WannaCry” or “WannaCrypt” have been mentioned more than 230,000 times on Facebook, Twitter and Instagram since Friday.
“While the WannaCry attack exploited vulnerabilities in Microsoft systems and devices, the attack itself shouldn’t hurt Microsoft’s brand,” Kellan Terry, senior data analyst at Brandwatch, said. “It’s never ideal to be associated with a negative happening like this, but Microsoft didn’t perpetuate the attack itself. The brand, here too, is a victim. It would be a different story if the attack compromised newer systems, but it specifically sought out those that are old and outdated.”
“This may give some people pause the next time they look to purchase a computer, but ultimately people generally choose a brand and operating system that they are familiar and comfortable with,” Terry added.
The issue is more of a “security orchestration problem” for businesses, which need to make sure they’re on top of updating and patching the software on their computers, according to IDC’s Pike. “It’s a big surprise when ransomware hits, and suddenly the most important machine in a business doesn’t work anymore,” he said. “That is the definition of living dangerously. Organizations have to understand critical assets and take appropriate measures to rectify any security challenges present.”
YouGov BrandIndex, which conducts daily consumer research on major brands, said it’s too early to determine whether the WannaCry virus has damaged perceptions of Microsoft or purchase consideration.