Microsoft's President Reflects On Cyberattack, Helping Pirates And The NSA
- Author: Zachary Reyes May 17, 2017,
May 17, 2017, 22:18
Ellis favors a more transparent process for the government, and close cooperation with the cybersecurity community, which, like the British researcher lauded for helping stem the WannaCry attack, can offer tremendous knowledge and resources in the battle against cybercrime and national security threats, he said. "All the data in the laptop was encrypted and there were no confidential files", he said. As it is, if they have a piece of malware, it's highly likely that even small-time criminals will have it, too. Multiple backups also help. Rather, once one Windows system was affected on a Windows network, WannaCry managed to propagate itself and infect other unpatched machines without any human interaction. "Organisations need to make use of it". It's a good idea to back up files to a drive that remains entirely disconnected from your network.
The China Daily said Wednesday that the U.S.'s National Security Agency should take some of the blame for last week's WannaCry ransomware attack, which targeted vulnerabilities in Microsoft systems and affected 30,000 Chinese organizations alone. In March, thousands of leaked Central Intelligence Agency documents exposed vulnerabilities in smartphones, televisions and software built by Apple, Google and Samsung Electronics.
While you may have already read about WannaCrypt, popularly dubbed as WannaCry, ransomware, and Microsoft's response to the same, here's the story in short before we get to identifying who's at fault.
Roi Abutbul warned me, "This time, the attackers used an unpatched rare vulnerability, but there are many other ways to move laterally and spread inside the network".
Microsoft should know that there are people, small businesses, schools and hospitals that still use older version of Windows, such as XP (which came out in 2001). However, on Friday, to inoculate users against the spread of WannaCry, Microsoft took the unusual step of issuing downloadable patches for customers running these older platforms - namely Windows XP, Windows 8 and Windows Server 2003.
"We must evolve three determiners for digital security: how we ensure software authenticity and integrity, how we assess risk in an increasingly interconnected network and how we disseminate software updates", Dr Krishnashree Achuthan, director at the Center for Cybersecurity Systems and Networks, Amrita University, told International Business Times, India.
Besides, antivirus updates needs to be pushed to all end users and servers.
Basic protocol such as stressing that workers shouldn't click on questionable links or open suspicious attachments can save headaches. Overworked systems administrators work within limited budgets.
Some organizations disconnect computers as a precautionary measure.
However, if you do pay, you're only fueling the fire. There's also no guarantee all files will be restored. They have been asked to maintain a backup of critical data and store it offline and/or at a different location.
With WanaCryptor and MS17-010 both "unleashed into the wild", F-Secure said the current problem seems to have combined and magnified the worst of the dangers those programs represent.