Ransomware prevention has been hindered by U.S.: Chinese state media
- Author: Zachary Reyes May 19, 2017,
May 19, 2017, 13:30
Vu Ngoc Son, deputy head of the anti-malware department of Bkav Corporation, the largest internet security firm in Vietnam, said that the WannaCry ransomware's behaviour is "not new", but he believes that the use of this ransomware will not really ease up as "it can directly earn large profits for hackers". The malware spread through phishing attacks, malicious emails and infected attachments, encrypting every file it can on a computer and then posting a landing page demanding a $300 ransom payment in Bitcoin in order for the files to be unlocked.
In what one of the most significant cyberattacks ever recorded, computer systems from the U.K.to Russia, Brazil and the USA were hit beginning Friday by malicious software that exploited a vulnerability in Microsoft's Windows operating system.
The one consistent thing here is that it is Microsoft Windows that is vulnerable - or, at least, out of date versions of the operating system. Over the weekend, Microsoft rolled out a patch for Windows XP, Windows Server 2003 and Windows 8.
With regards to the threat of further ransomware attacks, the only real way that they can be prevented would be to patch every single vulnerability that the perpetrators could target with the worm. Interestingly, the company had rolled out updates to "Patch the Ransomware Vulnerability" for Windows 7, 8.1, Vista SP2 and Windows 10 earlier this year on March 14, but only released "Security Update KB401258" to address the issue for less-popular Windows Server editions, including Windows 8, Vista, XP platforms on Friday.
"You can point a lot of fingers, but I think given that this was not a zero-day vulnerability (for which no patch is available), the people hacked are to blame", said Robert Cattanach, a partner at the worldwide law firm Dorsey & Whitney and an expert on cybersecurity and data breaches.
Some 47 NHS trusts fell victim to these ransomware attacks resulting in devastating consequences for some patients, as operations were cancelled and medical records held for ransom. Microsoft was under no legal obligation to do this, mind you, since it no longer supports Windows XP - after having extended its product lifecycle several times in the past.
"Software updates and security patches are pushed to us as needed so that we are using the most current approved versions of software on our computers".
"The governments of the world should treat this attack as a wake-up call".
They thought that they did everything that they could to defend their systems, but wannacry disabled many institutions so fast that in the countries most affected, many hospitals were unable to function even though their IT systems are usually the best when it comes to security.
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage".