Hackers have second United States weapon primed for attack, warn analysts

The WannaCry ransomware that has spread to computers in 150 countries may end up benefiting Microsoft’s stock price.

Two-thirds of those caught up in the past week’s global ransomware attack were running Microsoft’s Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.

It is still not likely the technique will help many people, particularly because it works only if their machines have not been rebooted. The virus essentially encrypted files of the affected computer, demanding the user payment of $300 in bitcoin to regain access to these files.

Brad Smith, the president and chief legal officer of the United States technology giant Microsoft, considers that the recent cyberattacks, registered worldwide, should serve as an alarm signal for different governments, which should take urgent actions to maintain cybersecurity.

According to the FT, the cost of updating older Windows versions “went from $200 per device in 2014, when regular support for XP ended, to $400 the following year”, while some clients were asked to pay heftier fees. “There is this stream of liability that flows from the ransomware attack”, he said. Microsoft has been aggressively pushing these after Windows 10 primarily to circumvent these situations and make sure everyone’s on the latest release.

But with Microsoft making an exception this time and providing the patch free to XP users, it may come under pressure to do the same next time it issues a critical security update.

“You can point a lot of fingers, but I think given that this was not a zero-day vulnerability (for which no patch is available), the people hacked are to blame”, said Robert Cattanach, a partner at the worldwide law firm Dorsey & Whitney and an expert on cybersecurity and data breaches.

Dore said companies that faced disruptions because they did not run the Microsoft update or because they were using older versions of Windows could face lawsuits if they publicly touted their cyber security. (These are the most important patches that the company recommends users install immediately). The government has not publicly acknowledged that the NSA developed the tool. Given the potential impact to customers and their businesses, we have also released updates for Windows XP, Windows 8, and Windows Server 2003.

Still, it was Microsoft that wrote the exploitable software to begin with.

The WannaCry ransomware has septic over 350,000 computers across the globe in last few days.

“A large-scale infection has been avoided, thanks to a 72-hour national mobilization and emergency response led by the authorities and supported by the industry”, leading domestic cyber security company 360 Business Security Group said. Meanwhile, ministers hit out at NHS bosses for not improving cybersecurity, amid reports that an upgrade that could have prevented the attack was made available a month ago.

To prepare for fallout with customers, Judson Althoff, a Microsoft executive vice president, sent an email to the company’s field sales team Sunday encouraging them to be supportive of businesses targeted by the attack, or even those who were simply aware of it.

Jonathan Zittrain, a professor specializing in internet law at Harvard Law School, said courts have frequently dismissed lawsuits against the agency on the grounds they might result in the disclosure of top secret information.

Source:http://stocksgazette.com/2017/05/21/hackers-have-second-united-states-weapon-primed-for-attack/