Microsoft Says The NSA Shares Blame For Ransomware Attacks

Adjust Comment Print

In Russia, that same virus knocked thousands of computers offline at the Interior Ministry.

Vernick said businesses that failed to update their software could face scrutiny from the U.S. Federal Trade Commission, which has previously sued companies for misrepresenting their data privacy measures. "Governments should not expect that they can hold on to vulnerabilities as long as they used to and we have to come up with coping mechanisms for it". Smith's post wasn't fair, argued a source with experience at U.S. Cyber Command, an offensive-minded cyber warfare unit commanded by the director of the NSA. Ransomware is a type of malware that essentially takes over a computer and prevents users from accessing data on it until a ransom is paid, he said. The first piece of malware that demanded payment was written in 1989.

So far, in one of the worst cyberattacks in recent memory, WannaCry has hit computers in 150 countries, according to Europol.

In Japan, several large manufacturers have been hit, reporter John Matthews tells NPR: "Companies including Hitachi have reported several of their systems going down, including computers at a hospital in eastern Japan".

The exploitation of EternalBlue, suspected to have been developed using a hacking method leaked from US National Security Agency, allows the malware to spread through file-sharing protocols set up across the internal networks of organisations, many of which criss-cross the globe, according to Financial Times.

The virus hit computers running older versions of Microsoft Corp software that had not been recently updated.

Apple is not invulnerable to ransomware attacks, "a common misconception", one expert tells CNBC.

Microsoft calls for 'urgent collective action' after major global cyberattack
The attack has reportedly hit 74 countries including the United Kingdom , U.S., China, Russia, Spain, Italy and Taiwan. At the same time, Microsoft's current reputation with buggy updates isn't exactly helping the situation.

In a Microsoft blog post issued on Monday, company president Brad Smith called the WannaCry attack a "wake-up call" for the global governments and the tech sector to stop exploiting digital vulnerabilities and work together.

"The governments of the world should treat this attack as a wake-up call", they continued, claiming that government agencies "need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world".

For the most part, civil liberties groups are siding with Microsoft.

On top of that, critics say, the government didn't notify companies like Microsoft about the vulnerabilities quickly enough.

The computing giant said software vulnerabilities hoarded by governments had caused "widespread damage", the BBC reported.

Therein lies the uncomfortable irony for Microsoft. Microsoft issued a patch for this vulnerability back in March, but people are unfortunately slow to update. In the case of Britain's National Health Service, a significant number of its computers run Windows XP, an operating system that Microsoft stopped upgrading in 2014.

The aggressive malware, dubbed WannaCrypt, utilized a previously reported vulnerability found within the Windows operating system produced by Microsoft. The company has more than 3,500 engineers who are working comprehensively to address cybersecurity threats. He said people still using older systems should upgrade. But for a host of reasons, even patching computer systems is a hard challenge. You can also specify the schedule that Windows follows to install updates on your computer.

Comments