WannaCry is your fault — Microsoft to NSA

Angelica Greene
May 19, 2017

In the informative article, the company discusses the May 12, WannaCry ransomware attack and a recent ransomware warning from the 2017 Internet Security Threat Report by Symantec.

All banks in the country have been ordered to keep their ATMs closed until the machines are protected from the WannaCry ransomware. If the NSA simply disclosed their software vulnerabilities to the software manufacturers instead of hiding it and creating malware, perhaps the WannaCry ransomware attack would not have happened, or at least would not have occurred on such a significant scale. But the latest iterations have become increasingly sophisticated.

WannaCry was one of the first highly publicized attacks in which ransomware was weaponized and used against numerous companies at once, there will undoubtedly be future attacks. Microsoft released a patch for the flaw in March after hackers stole the exploit from the NSA. The vulnerability allows cybercriminals to install and execute malicious code on infected gadgets.

Computers in 150 countries have been affected. But in this case, according to Kaspersky Lab, the shared code was removed from the versions of WannaCry that are now circulating, which reduces the likelihood of such a "false flag" attempt at misdirection.

FedEx, French automaker Renault and Spanish telecommunications firm Telefonica are among those attacked. The British National Health Service was one of the earlier targets and also among the hardest hit. It also appears to be able to spread to other computers outside corporate networks. The hospitals were forced to turn away all non-emergency patients. NHS hospitals in Wales and Northern Ireland were unaffected by the attack.

Is the threat still out there? Security experts have disputed claims that the virus was spread through suspicious emails, speculating that computers were vulnerable to the bug regardless of how vigilant users were. Microsoft also took the unusual step of releasing security fixes for systems it no longer is keeping up to date, including the Windows XP, first released in 2001 and still widely used in some corners. "It jumped to $1,000 after that", the report said. It locks down all the files on an infected computer.

You should make multiple backups - to cloud services and using physical disk drives, at regular and frequent intervals.

Senators Say Still Many Questions To Be Answered After Rosenstein Briefing
The appointment of Mueller as special counsel came as a welcome surprise to many, including Bernazzani, who used to work for him. Swecker served as Assistant Director of the FBI Criminal Investigations Division under Mueller.

Global cyber-attack: How roots can be traced to the US
But some sort of agreement by governments to not stockpile vulnerabilities that can be exploited by bad guys is needed. What versions of Windows are affected? The NSA may know of hundreds, or even thousands, of them.

Global Positioning System ask patients to delay contact while cyber-attack backlog clears
Some have also been machines involved in manufacturing or hospital functions, hard to patch without disrupting operations. While investigations continue, other cyber security companies are warning that this is just the tip of the iceberg.

Computers and networks that hadn't recently updated their systems are still at risk because the ransomware is lurking. There are nearly 150 million computers running Windows XP operation system globally.

But many computers remained vulnerable, either because consumers did not patch them or because the patch did not fit their older operating systems.

WannaCry ransomware which affected operations at the USA health care system and French auto maker Renault, appears to have had less impact on corporate India's operations. Don't open attachments from people you don't know, and don't visit potentially compromised websites. Several security holes are fixed before they can be exploited.

Smith repeated a call he made in February, calling for an worldwide convention on the use of cyberwarfare akin to the Geneva Conventions' protections for noncombatants and other guidelines in conventional warfare.

Microsoft is pointing the finger at the USA government, while some experts say the software giant is accountable too.

If you're serious about this "wake-up call", Microsoft, use your dominant market position to find better ways of tackling the security problem.

Smith says cyberweapons require a new approach, and governments must "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits".

Other reports by GizPress

Discuss This Article

FOLLOW OUR NEWSPAPER