The attackers are demanding payment to let users back into an estimated 230,000 computer systems in more than 150 countries, systems seized using an exploit uncovered by the National Security Agency and made public last month by hackers.
Since the NSA had known about this Windows 10 vulnerability without telling Microsoft, Smith argued, the agency is at least partially to blame. Starting first in the United Kingdom and Spain, the malicious “WannaCrypt” software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin.
But renowned cybersecurity expert Dr. Diana Burley attributes, in part, the rise of cyberattacks in recent years and the expanse of the weekend’s global attack to the failure of the average computer user to take preventative measures to avoid such an attack. “Microsoft can’t be proud”. They thought that they did everything that they could to defend their systems, but WannaCry disabled many institutions so fast that in the countries most affected, many hospitals were unable to function even though their IT systems are usually the best when it comes to security.
The cyberattack highlights how risky it is for government agencies to continue to engage in the “stockpiling of vulnerabilities” the way they now do, Smith wrote in a blog post on his company’s website.
“We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world”, wrote Smith in a blog post on Sunday.
Microsoft in a blog post said that, “we at Microsoft have the first responsibility to address these issues”.
Still, it was Microsoft that wrote the exploitable software to begin with.
Granted, some companies will have more machines running Windows XP and Vista, which lost support earlier this year, than others.
In truth, the people most responsible for the spread of WannaCrypt are the companies and private citizens who continue to use outdated software despite repeated warnings that they are putting themselves at risk.
Microsoft President Brad Smith said Sunday that the United States government’s approach to cybersecurity is risky and contributed to a major global cyberattack last week. He noted, however, the complexity that can be involved in patching a security hole.
Other sources rely on different methodologies, such as the U.S. government’s own digital analytics service, which bases its data on visitors directly accessing government sites.
The tension between creating hack-proof digital storage and the security imperative of hacking into all forms of digital storage and conversation is at the centre of the debate on the future of the digital world.
The computers would operate normally, but the miner would also run in the background.
“FireEye has also taken steps to help secure its customers”, Sahu told IANS.
The longer you wait, the more you have to pay.
“It’s not rocket science”, Litan said.
Major global companies said they came under attack as well. Asked what the company is doing to prevent such exploitations, he cited “basic IT security blocking and tackling”. It locks down all the files on an infected computer.
The commission had advised that computer users should, among other things, “obtain software patch released by Microsoft in March 2017 to fix the virus as well as plan scheduled penetration tests on the networks and systems to ensure protection and availability at all times”.