Cyber attack could spark lawsuits but not against Microsoft

Joanna Estrada
May 19, 2017

China is preparing to enforce a security law that US businesses believe will keep foreign companies out of the country because of its plan to enforce strict local data laws and surveillance requirements.

On top of that, critics say, the government didn't notify companies like Microsoft about the vulnerabilities quickly enough. "It is deeply disturbing the National Security Agency likely wrote the original malware".

That means the very first attempts to reach that address, which might have been recorded by spy agencies such as the NSA or Russian intelligence, could lead to "patient zero" - the first computer infected with WannaCry.

The WannaCry ransomware was halted by MalwareTech, the United Kingdom cyber security researcher. It demands users pay Dollars 300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the payment will be raised after a certain amount of time. The digital currency is anonymized, but it's possible to track funds as they move from place to place until they end up with an identifiable person.

According to a report by The Times of India, about 70% of the ATMs in India are vulnerable to such global cyberattacks and one of the primary reasons behind is the use of Windows XP version which crippled information systems across the globe.

Choi is one of a number of researchers around the world who have suggested a possible link between the "ransomware" known as WannaCry and hackers linked to North Korea.

Updating the Operating System with the latest Security Updates. And while Microsoft said it had already released a security update to patch the vulnerability one month earlier, the sequence of events fed speculation that the NSA hadn't told the US tech giant about the security risk until after it had been stolen. The officials spoke to The Associated Press on condition of anonymity because they aren't authorized to speak publicly about an ongoing investigation. Salim Neino, CEO of the Los Angeles-based security firm Kryptos Logic, said the WannaCry worm was "poorly designed" - patched together and consisting of a "sum of different parts" with an unsophisticated payment system. That wasn't done here.

The company was the one providing security services to Britain's National Health Service, one of the organisations hit by the ransomware outbreak and possibly the one which earned the most coverage about its misfortunes. Such systems make it much harder for hackers to gain access through a data breach or brute force password attack.

Users who use Windows must install patch files from Microsoft to prevent virus attacks. In February, news broke that content delivery network CloudFlare accidentally leaked customer data, prompting services such as Uber, FitBit and OKCupid to urge users to change their passwords to ensure their accounts remained secure. Businesses should back up data comprehensively, regularly and frequently. Another security company, Symantec, has also found similarities between WannaCry and Lazarus tools.

"The United States, more than probably any other country, is extremely careful with their processes about how they handle any vulnerabilities that they're aware of", Tom Bossert, the White House homeland security adviser, said at a press briefing on Monday.

"NSA should be embarrassed - they've had a lot of damaging leaks", said James Lewis, a former USA official who is now a cyber expert at the Center for Strategic and International Studies.

Other reports by Click Lancashire

Discuss This Article