Microsoft says WannaCry ransomware must be a wake-up call for governments

Joanna Estrada
May 20, 2017

"We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world".

Then there's the US government, whose Windows hacking tools were leaked to the internet and got into the hands of cybercriminals.

Security firms are encouraging companies and users to make sure they install the official patch from Microsoft.

"An equivalent scenario with conventional weapons would be the USA military having some of its Tomahawk missiles stolen", Smith said.

The outbreak also prompted a public statement from Microsoft attacking the United States government for stockpiling software exploits. The company rates the update as "critical" for supported Windows releases. But successive generations of the operating system have been found wanting.

The computer malware that has spread across 150 countries appears to be slowing down, with few reports of fresh attacks globally on Monday.

[Image: a computer at Greater Preston CCG as Britain's National Health Service is investigating "an issue with IT", Friday May 12, 2017. Provided by the Twitter page of @fendifille.]

With ransomware, hackers hold your computer hostage by encrypting nearly all the data on your device until you pay the ransom they demand. Apart from this weekend's attacks, criminals have locked down part of San Francisco's public transit system and a hospital in Los Angeles, in the latter case forcing the hospital to pony up $17,000 to regain access to its files.

If you have automatic updates enabled on your computer, you will have gotten the patch in March.

WannaCry developers have prepared a Q&A section in various languages, offering infected users localised instructions on how to recover data and how to pay the ransom.

In a White House press briefing today, Bossert said less than $70,000 has been paid in response to the cyberattacks. The ransomware also "drops a file named '!Please Read Me!.txt' that contains the text explaining what has happened [to the computer] and how to pay the ransom".

"Clearly having the vulnerability be in Microsoft software was one of the key elements", said Steve Grobman, chief technology officer of McAfee, a security company in Santa Clara, California. "Many people installed the patches and others did not, and that was the main problem". As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems.

Most of the computers infected by the WannaCry ransomware were running older versions of the Windows operating system that had not been recently updated.

"We're looking at many decades of building complex systems - one on top of the other - with no effort to go back to fix what we did wrong along the way", said Wendy Nather, principal security strategist at Duo Security, who has worked in security for 22 years.

Smith said Microsoft is "working comprehensively to address cybersecurity threats", and said the company will share with relevant law enforcement the lessons it learns from this attack.
