Published: Sat, May 20, 2017
Hi-Tech | By Ellis Neal

'WannaCry' Ransomware Attack Stymies Global PCs

There's a blame game brewing over who's responsible for the past week's cyberattack that infected hundreds of thousands of computers.

Then there's the US government, whose Windows hacking tools were leaked to the internet and got into the hands of cybercriminals.

The worm encrypts data on an infected system, and then tells the user that their files have been locked and displays information on how much is to be paid and when - up to roughly $600 in bitcoin. Smith urged the government "to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them", as the company called for in February when it proposed a new Digital Geneva Convention. "Still, the NSA can't be very proud of this".

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem", Microsoft President and Chief Legal Officer Brad Smith said in a blog post on Sunday, comparing the recent leaks of NSA and Central Intelligence Agency hacking tools to, in the real world, the theft of cruise missiles.

The newspaper said that the role of the USA security apparatus in the attack should "instil greater urgency" in China's mission to replace foreign technology with its own. Brad Smith, Microsoft's top lawyer, criticized USA intelligence agencies for "stockpiling" software code that can be used by hackers.

"T$3 his attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers", Smith said in his blog post.

Here's the link to the official update page by Microsoft, which includes patches for most of the versions. Certainly, other major state-run organisations have also been hit by the ransomware, including German railway company Deutsche Bahn and the US Department of Homeland Security.

Microsoft is pointing the finger at the USA government, while some experts say the software giant is accountable, too.

Still, it was Microsoft that wrote the exploitable software to begin with.

A senior banker said all the ATMs running on the old Windows XP system are absolutely safe as the programme of the ransom virus was so long that it could not be executed by the operating systems.

There are 2.2 lakh ATMs in India, of which few may be running on old Windows XP, which is an older version of the software, which may be insulating these machines from the malware.

Microsoft had released in March a patch to fix the flaw exploited this week, but many computers, particularly older systems or devices that hadn't been updated, remained vulnerable.

Systems should also be patched before powering up PCs, while systems should be kept up to date with robust enterprise-level patches and the installation of a vulnerability management program - which should be continuously evaluated as risks evolve.

"Technology companies owe their customers a reliable process for patching security vulnerabilities", he said.

The latest ransomware attack sent the world into turmoil this week.

Meanwhile, there is at least one thing the government and security experts agree on: People who have seen the dreaded WannaCry screen should not pay the ransom.

Michael Mitchell, spokesman for Oreo cookie maker Mondelez International, said the company is not aware of any incidents from the attack, though it did alert employees.

Like this: