China is preparing to enforce a wide-reaching cyber security law that US business groups say will threaten the operations of foreign firms in the country with strict local data storage laws and stringent surveillance requirements.
With the world still getting to grips with the unprecedented global cyber attacks through the WannaCry ransomware, the group that made such an attack possible has promised that it would soon be making tools available, which could lead to similar attacks in the future. It used a variant of the Shadow Brokers’ APT EternalBlue Exploit (CC-1353), and used strong encryption on files such as documents, images, and videos. The hackers do not always release the ransomed data and files after receiving payment. That’s why it’s called ransomware.
Microsoft itself is unlikely to face legal trouble over the flaw in Windows being exploited by WannaCry, according to legal experts.
Europol’s European Cybercrime Centre said that anyone hit by ransomware should use the unlocking tools provided at NoMoreRansom.org, a free resource developed by Europol in partnership with the Dutch police and other industry partners. However, it is extremely ironic that just eight weeks ago, Microsoft released a patch for the “WannaCry” vulnerability.
Update your software: Ransomware is most effective at targeting outdated and unpatched versions of Windows Software.
Consumers are also at risk. Despite the lack of cover, plenty of Microsoft’s customers are still running older software that may still be vulnerable. Hundreds of thousands of computers in more than 150 countries were impacted. Domestic banks, the interior and health ministries, the state-owned Russian railway firm and the second largest mobile phone network were all reported to have been hit. And while Microsoft had already released a security update to patch the vulnerability one month earlier, the sequence of events fed speculation that the NSA hadn’t told the USA tech giant about the security risk until after it had been stolen. The NSA stockpiles ways to hack computers in case they need to hack someone’s computers real quick (without a warrant?).
The easiest way in which a ransomware ends up in someone’s computer is through e-mail. You should ensure your software is updated and your computer is running an operating system that is supported by its developer. Install Microsoft’s patch. 3.
At the very least, governments should be paying for updates to Windows XP.
Security researchers have already deployed failsafe measures to prevent further damage from this software. Experts say it will be hard for them to replicate the conditions that allowed the so-called WannaCry ransomware to proliferate across the globe.
Microsoft could have slowed the devastating spread of ransomware WannaCry to businesses, reports the Financial Times.
If the attackers hit critical national infrastructure and cause death and destruction, then you enter the realm of the War Powers Act and post 9/11 legislation, as well as the core presidential authority to pursue the attackers and country housing them. Initially created to enable surreptitious access to a specific targeted computer, EternalBlue was refashioned in WannaCry to instead target many computers by its new wormlike behaviour.
On Sunday, the US software giant called on intelligence services to strike a better balance between their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – and sharing those flaws with technology companies to better secure the internet.