Microsoft Faulted Over Ransomware While Shifting Blame to NSA

Here are some of the key players in the attack and what may - or may not - be their fault. "Yet, when a serious vulnerability is discovered in software, many companies respond slowly or say it's not their problem". Brad Smith, Microsoft's top lawyer, criticized US intelligence agencies for "stockpiling" software code that can be used by hackers.

The hackers use tools stolen from the US National Security Agency (NSA) and released on the internet.

Millard encouraged IT personnel to patch their systems as soon as possible to head off the next WannaCry wave. In addition, Microsoft took the unusual step of recently releasing security updates to address the vulnerability for Windows XP and Server 2003, even though both are years past their Extended Support lifetimes.

The episode underscores the folly of the US law enforcement demand that tech companies install backdoors into their devices and services.

"Even though it's becoming harder and harder, the incentives have increased tremendously", said Mador, who previously worked on security response at Microsoft.

Still, it was Microsoft that wrote the exploitable software to begin with.

An analysis by The Register revealed that the patches weren't new, though, and had been around since February 2017.

According to the FT, the cost of updating older Windows versions "went from US$200 (RM865.50) per device in 2014, when regular support for XP ended, to US$400 the following year", while some clients were asked to pay heftier fees. And just as they are unlikely to pay for an upgrade to their operating systems, they may not want to - or be able to - pay for security fixes.

He urged people not to ignore security updates.

So, security experts have some tips about what people can do to protect themselves from cyber-attacks. He added that it was helpful that the company had released a patch capable of stopping the attack. The computers would operate normally, but the miner would also run in the background. Backups are also often out of date and missing critical information.

WannaCry appears to target mainly enterprises rather than consumers: once it infects one machine, it silently proliferates across internal networks, which in large firms can connect hundreds or thousands of machines, whereas an individual consumer at home typically has only one.

"It's not rocket science", Litan said.

While it's unclear what the level of insurance losses from the WannaCry ransomware will be, the attack shows the changing aggregation risk that insurers face, where one incident leads to losses from multiple policyholders, said Pascal Millaire, vice president and general manager of cyber insurance at Symantec Corp., the San Francisco-based technology security company.

Researchers from a variety of security firms say they have so far failed to find a way to decrypt files locked up by WannaCry and say chances are low anyone will succeed.

Kaspersky has listed Vietnam among the top 20 countries most affected by this ransomware; the other countries and territories include Russia, Ukraine, India, Taiwan, and mainland China.

WannaCry infected more than 300,000 computers with ransomware, and the malware's most dangerous feature wasn't even that it encrypted the user's personal files and demanded a ransom in Bitcoin.

They exploited a perfect storm of factors - the Windows hole, the ability to get ransoms paid in digital currency, poor security practices - but it's unclear whether the payoff, at least so far, was worth the trouble.