Global ransomware attack used info stolen from NSA, says Microsoft

It was a stress-filled weekend for many IT workers this past weekend as the WannaCry ransomware attack spread, crippling Windows systems worldwide.

On top of that, critics say, the government didn't notify companies like Microsoft about the vulnerabilities quickly enough.

Despite downplay of ransomware WannaCry's impact by the Centre; IT experts have cautioned users that the number of effected organizations is expected to rise rapidly. "We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world".

The massive ransomware attack that began last week and hit computers around the world should send a "wake-up call" to governments that have kept vulnerabilities secret to exploit them, Microsoft President and Chief Legal Officer Brad Smith said yesterday in a blog post.

Smith went on to describe the situation as the equivalent of U.S. Tomahawk cruise missiles getting stolen from military stockpiles. "They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world".

Computers booting up to start the workweek might continue the spread of "WannaCry", a ransomware attack where hackers lock down a computer and threaten to delete all its data unless a ransom is paid. When this happens, you can't get to the data unless you pay a ransom.

It's an invisible and unstoppable attack, and the kind Congressman Ruppersberger has fought in congress for more than a decade and is backing legislation to unite businesses and government agencies against hackers.

WannaCry developers have prepared a Q&A section in various languages, offering infected users localised instructions on how to recover data and how to pay the ransom. About 30 per cent of all antivirus systems reportedly detected and destroyed the ransomware on time.

Using antivirus software will at least protect you from the most basic, well-known viruses by scanning your system against the known fingerprints of these pests. Experts say this vulnerability has been understood among experts for months, yet too many groups failed to take it seriously. We have more than 3,500 security engineers at the company, and we're working comprehensively to address cybersecurity threats. "Otherwise they're literally fighting the problems of the present with tools from the past", he said.

"Whether or not you think the USA government should be spending a fortune developing such cyber-weapons, surely it is obvious that the weapons they develop should be properly secured", said Phillip Hallam-Baker, principal scientist for New Jersey-based cybersecurity firm Comodo, in an emailed statement.

  • Arturo Norris