Cry if you WannaCry, but don’t blame Microsoft for it
This story doesn’t feel too surprising.
High-profile victims include hospitals in Britain, the Spanish telecoms giant Telefonica, French carmaker Renault, US package delivery company FedEx, Russia’s interior ministry and the German rail operator Deutsche Bahn. But is the public sector really any worse than the private sector at keeping its IT security up to date and avoiding cybercrime?
The malware spreads across the network by exploiting a vulnerability in “Server Message Block” (SMB), a network protocol in the Windows operating system.
The question remains: for all the benefits that software updates provide, why the apathy?
Even if your organization does not currently believe that it has been affected by this virus, it should back up important files and install the latest Microsoft patches across its entire infrastructure wherever the Windows OS is used. (These are the most important patches that the company recommends users install immediately.)
Organizations and networks worldwide have since Friday been dealing with the fallout of a massive ransomware attack that exploited a hole in PCs running Microsoft Windows that haven’t been updated.
Microsoft therefore took the highly unusual step of releasing an update for Windows XP users and urging them to update their software (if possible) as soon as possible.
However, Tom Bossert, President Trump’s Homeland Security Advisor, told members of the media that the infection rates have “slowed over the weekend” since WannaCry started in the United Kingdom on Friday and quickly spread to the rest of the globe. But others familiar with government cyber practices defended the agency’s broader practice of keeping vulnerabilities, and not just because analysts believe the agency keeps only dozens, not hundreds, secret.
It also added that the top five cities impacted by the ransomware attack are Kolkata, followed by Delhi, Bhubaneswar, Pune and Mumbai, while the top five states with the largest number of reports of WannaCry malware are West Bengal, Maharashtra, Gujarat, Delhi NCR, and Odisha. They thought that they did everything that they could to defend their systems, but WannaCry disabled many institutions so fast that in the countries most affected, many hospitals were unable to function even though their IT systems are usually the best when it comes to security.
Having a backup of all your data files won’t protect you against being infected by malware, but it will greatly limit the damage from any attack that deletes or encrypts your data. Do not enable macros, cybersecurity company Symantec says. Often they don’t even have the awareness that there’s a problem to begin with. “As a result, many IT departments lack the resources and budget needed to upgrade to newer operating systems like Windows 10.”
Criminal hacking groups have repurposed a second classified cyberweapon stolen from US spies and have made it available on the so-called dark web after the success of the WannaCry attack that swept across the globe on Friday.
Cyber-attacks on the scale of WannaCry may remind organisations about the need to maintain their IT security.