The techniqued used by the cyber-criminals to disseminate the “wannacry” worm was reportedly originally developed by the US National Security Agency.
The “Wannacry” computer virus attack over the weekend was reportedly disseminated with the aid of software developed by the US National Security Agency (NSA).
Software giant Microsoft said the technique used by cyber-criminals to distribute the virus was originally developed the NSA. It was never meant to make it “out into the wild” but reports indicate the code was stolen from the NSA and leaked online by a group known as the Shadow Brokers.
Brad Smith, Microsoft president and chief legal officer, said in a blog post that the governments of the world “should treat this attack as a wake-up call,” though he did not go on to say that they should abandon using Microsoft operating systems.
The company’s ancient Windows XP, which the company is no longer supporting, has a number of security vulnerabilities that can be exploited by “ransomware”.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” Smith said.
Smith said: “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.”
Cyber-security specialists are bracing themselves for new versions of the computer “worm” – so-called because it burrows its way deep into computer systems – to materialise in the coming day.
The spread of the original virus was inadvertently halted by a researcher who stumbled across a “kill switch” that was hard coded into the malware, thus enabling the creator to turn off the worm, presumably upon receipt of sufficient funds.
The effects could be turned off if the software looks up a specific domain name and finds it exists; the “inadvertent hero” who stopped the spread of the virus in its tracks simply registered the domain, thus triggering the “kill switch”.
The technique used by the cyber-criminals to spread the worm was based on a cyber weapon developed by the NSA called EternalBlue, according to WikiLeaks.
Microsoft has since issued a security patch to address the issue that EternalBlue exploits, but an estimated one million computers are out there that have not downloaded and applied the patch.
Shares of cyber-security stocks were wanted in early trading in London. NCC Group PLC (LON:NCC) was up 3.6% at 143.02p, while Corero Network Security PLC (LON:CNS) was up 4.9% at 8.125p while the big gainer was Ecsc Group PLC (LON:ECSC), up 18.43% at 469p.