The malware spread through phishing attacks, malicious emails and infected attachments, encrypting every file it can on a computer and then posting a landing page demanding a $300 ransom payment in Bitcoin in order for the files to be unlocked. “The federal government has really dropped the ball on cooperation between the tech companies and the government agencies”.
Microsoft has come out in defence of its role in Friday’s on-going global cyber-attack, criticising the role of the US National Security Agency in creating tools that were subsequently leaked and then used in Friday’s attacks.
Russias Interior Ministry, with oversight of the police forces, said about 1,000 computers were infected, which it described as less than 1 percent of the total, according to its website. During the weekend, Microsoft called out the NSA for researching and hiding vulnerabilities, comparing this incident to theft of a USA missile.
The attack stoked fears that the spy agency’s powerful cyber weapons could now be turned to criminal use, ratcheting up cyber security threats to a whole new level.
Where to start pointing fingers?
· Patch all Software: Install a patch program and make sure it extends to security software. It appears to have hit first in Britain, where it effectively shut down parts of the National Health Service.
Yet above the entire chorus of blame, Microsoft is also promoting clearer cybersecurity expectations and responsibilities for companies and governments.
As the worm, known as WannaCry, has been contained, more free time has opened up in which to argue and assign blame beyond the anonymous hackers who used leaked NSA code to assemble the virus, and whatever party made a decision to turn it into ransomware. But they could all be drawing conclusions from a very small set of clues.
“Up until now it didn’t get much attention, because it didn’t have the ability to get beyond individuals and their companies”.
Back in 2015, one of Apple’s arguments against providing a special version of iOS to the Federal Bureau of Investigation that would allow that agency to attempt to break through passcode protection on an iPhone used by one of the San Bernardino shooters is that despite the FBI’s promise of keeping it secret, it would inevitably leak.
The culprit was “ransomware” known as WanaCryptOr 2.0, or WannaCry. That wasn’t a great idea in 1995, and has only gotten more unsafe in subsequent years. The company will notify users via Twitter and Facebook when it becomes available.
Dore said companies that faced disruptions because they did not run the Microsoft update or because they were using older versions of Windows could face lawsuits if they publicly touted their cyber security. As it is, if they have a piece of malware, it’s highly likely that even small-time criminals will have it, too. This weekend’s virus was particularly virulent, because it could spread to all other computers on a network even if just one user clicked a bad link or attachment. According to Business Insider, about 7% of PCs are still running XP, and nearly half are running Windows 7 (which is also soon reaching that window where its support will end). According to research by cybersecurity firm Trustlook, for example, over one in three victims of ransomware pay up. That’s why it is critical that you keep your Windows OS up to date.
That is why, Microsoft called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.
It doesn’t have to be like this.
Wainwright expressed his fears that the virus could spread across other sectors with particular risks today as most workers return to their desks. The government claims it discloses most, but the Shadow Brokers seem to have put the lie to that. The unholy alliance between the American IT giants and the National Security Agency is no more a secret.
Microsoft can’t change the past, but it can help with the future.