Microsoft says WannaCry ransomware must be a wake-up call for governments
WannaCry, the company argues, represents just the latest example of why intelligence agencies should not stockpile computer vulnerabilities that they use to hack into enemy systems.
Coverage for extortion, business interruption and the cost of outside experts is included under broad cyber policies that many organizations buy, Mr. Reagan said.
But no system is foolproof, and, even more importantly, the NSA's questionable practice of stockpiling vulnerabilities directly enabled this attack.
Government agencies said they were unaffected.
NHS Digital said health trusts across England were sent details of an IT security patch that would have protected them from the attack. He said of the government's position, “we haven’t ruled out that this is a state attack”.
While the Reserve Bank of India (RBI) clarified that it has advised the banks to operate their ATMs only after a software update with a security patch to protect them from such cyber attacks in future, it did not see any bank data being encrypted by the WannaCry ransomware in any of the major banks in India.
Since then, the company has poured billions of dollars into security initiatives, employing more than 3,500 engineers dedicated to security.
The most public damage in South Korea was to cinema chain CJ CGV Co. Russia’s Interior Ministry and companies including Spain’s Telefonica, FedEx Corp. in the USA and French carmaker Renault all reported troubles.
“Code for exploiting that bug, which is known as ‘Eternal Blue’ in Microsoft’s Windows operating system, was released on the internet in March and Microsoft released patches last month”, Wu noted.
“After the virus breakout, the authorities immediately made arrangements for cyber security guards and domestic cyber security companies to proactively provide security services and preventive tools”, the official said.
“You are dealing with a criminal”, he said.
The best defense against ransomware is to have secure backups of all critical systems so that, if you are attacked, you can restore your systems quickly without having to pay the ransom.
At present, the so-called “kill switch” for the attack, discovered by a young British cybersecurity researcher, is no longer effective.
Yevgeny Yushchuk, an expert on cybercrime at Urals Economic University, said that since “computer weapons” are easier to spread around than, say, nuclear, chemical or bacteriological weapons, the chances of them falling into criminal hands are very high. When a user clicks on the link, their computer and the information on it are held for ransom while being used to further spread the ransomware. We cannot expect criminal hackers to be held accountable for their actions, but we should hold our government agencies accountable.
“The government can’t do this alone – they’re really going to have to reach out and work with Apple, with Microsoft and Google”, Martin said. Most of the leaked exploits are said to use zero-day vulnerabilities, previously unknown software flaws that hackers exploit before the software makers are aware of them.
Large swathes of the NHS were paralysed by the cyber attack, which hit 200,000 victims in 150 countries around the world.
Similarly, two big telecom companies, Telefónica (TEF) of Spain and Megafon of Russia, were also hit, as was Japanese carmaker Nissan (NSANF) in the United Kingdom.
It was too early to say who was behind the onslaught, which struck 100,000 organizations, and what their motivation was, aside from the obvious demand for money.
In the wake of the massive cybersecurity attack, Microsoft issued a statement regarding the WannaCry ransomware and how everyone needs to come together to be able to prevent such incidents from happening again.