WannaCry Ransomware: Microsoft Calls Out NSA For ‘Stockpiling’ Vulnerabilities

After the WannaCry cyberattack hit computer systems worldwide, Microsoft says governments should report software vulnerabilities instead of collecting them. Here, a ransom window announces the encryption of data on a transit display in eastern Germany on Friday. AFP/AFP/Getty Images

When the National Security Agency lost control of the software behind the WannaCry cyberattack, it was like “the U.S. military having some of its Tomahawk missiles stolen,” Microsoft President Brad Smith says, in a message about the malicious software that has created havoc on computer networks in more than 150 countries since Friday.

“This is an emerging pattern in 2017,” Smith, who is also chief legal officer, says in a Microsoft company blog post. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”

On affected computers, the WannaCry software encrypts files and displays a ransom message demanding $300 in bitcoin. It has attacked hundreds of thousands of computers, security experts say, from hospital systems in the U.K. and a telecom company in Spain to universities and large companies in Asia. And the software is already inspiring imitators, as the Bleeping Computer site reports.

The malware behind WannaCry (also called WannaCrypt, Wana Decryptor or WCry) was reported to have been stolen from the NSA in April. And while Microsoft said it had already released a security update to patch the vulnerability one month earlier, the sequence of events fed speculation that the NSA hadn’t told the U.S. tech giant about the security risk until after it had been stolen.

With his new statement, Smith seems to be confirming that version of events.

Two months after Microsoft issued its security patch, thousands of computers remained vulnerable to the WannaCry attack. That prompted the company to issue another patch on Friday for older and unsupported operating systems such as Windows XP, allowing users to secure their systems without requiring an upgrade to the latest operating software.

Urging businesses and computer users to keep their systems current and updated, Smith says the WannaCry attack shows the importance of collective action to fight cybercrime.

But he aimed his sharpest criticisms at the U.S. and other nations.

The attack, Smith says, “represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action.”

International standards should compel countries not to stockpile or exploit software vulnerabilities, Smith says. He adds that governments should report vulnerabilities like the one at the center of the WannaCry attack.

Governments “need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” Smith says, urging agencies to “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

Smith’s blog post did not address another factor in the ransomware’s spread, one that hints at the difficulty of uniting against a hacking attack: Users of pirated Microsoft software are unable to download the security patch, forcing them to fend for themselves or rely on a third-party source for a solution.

Source

We will be happy to hear your thoughts

Leave a reply

How Create Unlimited Stunning Designs?
Get the highest possible quality graphics for your websites, videos and offline businesses - with the push of a button!
PGlmcmFtZSB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiBzcmM9Imh0dHBzOi8vd3d3LnlvdXR1YmUuY29tL2VtYmVkL0szTXJXajlaT3JNIiBmcmFtZWJvcmRlcj0iMCIgYWxsb3dmdWxsc2NyZWVuPjwvaWZyYW1lPg==
Special Early Bird Discount
$10 Into $2,000 In Just 2 Hours ??
Discover How You Can Easily Turn $10 Into $2,000 In Just 2 Hours Without Any Tech Skills or Marketing ‘Know How’
PGlmcmFtZSB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiBzcmM9Imh0dHBzOi8vd3d3LnlvdXR1YmUuY29tL2VtYmVkL0V4LUxjVXBWVWp3IiBmcmFtZWJvcmRlcj0iMCIgYWxsb3dmdWxsc2NyZWVuPjwvaWZyYW1lPg==
Repeat this time and time again
FINALLY!
Create Money Making Videos In Under 15 Seconds
A brand-new technology automatically find viral video clips from Facebook and YouTube based on keyword and creates a “viral compilation” videos using trending viral clips
PGlmcmFtZSB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiBzcmM9Imh0dHBzOi8vd3d3LnlvdXR1YmUuY29tL2VtYmVkL1l0SmpVLVdzY3RjIiBmcmFtZWJvcmRlcj0iMCIgYWxsb3dmdWxsc2NyZWVuPjwvaWZyYW1lPg==
Repeat this time and time again
This VIDEO technology is 2020, not 2017
Users Made Over $500,000 In Pure Profit By Selling THESE Videos Onto To Rabid Buyers…
PGlmcmFtZSB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiBzcmM9Imh0dHBzOi8vd3d3LnlvdXR1YmUuY29tL2VtYmVkL3huNW9kYVktWm5jIiBmcmFtZWJvcmRlcj0iMCIgYWxsb3dmdWxsc2NyZWVuPjwvaWZyYW1lPg==
Get $50 Off Coupon Code
100% FREE AND AUTOMATIC TRAFFIC FOR LIFE
Tired of getting crushed by major brands and influencers? Need easy, cheap traffic from content or videos that actually works in crowded 2017? Here’s how you can getting
PGlmcmFtZSB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiBzcmM9Imh0dHBzOi8vd3d3LnlvdXR1YmUuY29tL2VtYmVkL185emxVY3FlVXc0IiBmcmFtZWJvcmRlcj0iMCIgYWxsb3dmdWxsc2NyZWVuPjwvaWZyYW1lPg==
Get up to 50x more free traffic