Things to Know About the 'WannaCry' Ransomware Attack
- Author: Arturo Norris May 24, 2017,
May 24, 2017, 8:11
Since most of their machines were running the out-dated and no longer supported operating system, the WannaCry malware attack exploited lapses in XP.
Microsoft also highlighted the importance of awareness among customers, whether businesses or personal users, to regularly update their systems.
These factors help explain the mystery of why such a tiny number of victims appear to have paid ransoms into the three bitcoin accounts to which WannaCry directs victims. Many experts believe this ransomware campaign to be the result of leaked NSA documents and hacking tools that identified this particular vulnerability, which were stolen from the NSA and released online by Wikileaks.
Here are some of the key players in the attack and what may - or may not - be their fault. Those include a known and highly unsafe security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business and government networks. This attack makes this practice unwise.
On top of that, critics say, the government didn't notify companies like Microsoft about the vulnerabilities quickly enough. Microsoft also criticized the NSA for so-called "stockpiling" vulnerabilities that may be stolen by hacker groups.
The U.S. National Security Agency (NSA) should shoulder some blame for the attack, which targets vulnerabilities in Microsoft Corp systems and has infected some 30,000 Chinese organizations as of Saturday, the China Daily said.
The ACLU, meanwhile, urged Congress to pass a law requiring the government to disclose vulnerabilities to companies "in a timely manner", so that they can patch them as soon as possible.
Avivah Litan, a cybersecurity analyst at Gartner, agreed that the government is "is negligent not doing a better job protecting companies", but added that it's not like "you can stop the US government from developing cybertools" that then work as intended.
Still, it was Microsoft that wrote the exploitable software to begin with. But the digital devastation suffered by the NHS is not limited to the old operating system.
But with Microsoft making an exception this time and providing the patch free to XP users, it may come under pressure to do the same next time it issues a critical security update.
On Monday, private-sector sleuths found a clue about who might be responsible for the WannaCry attack. If the computer is able to access the backup files, the files will be encrypted. How you backup is up to you.
Michael Mitchell, spokesman for Oreo cookie maker Mondelez International, said the company is not aware of any incidents from the attack, though it did alert employees.
"The operating systems on our computers and software downloads are managed centrally so that regular users can not download executable files from the internet without administrative rights", he said in an email.
The state-run People's Daily compared the cyber attack to the terrorist hacking depicted in the US film "Die Hard 4", warning that China's role in global trade and internet connectivity opened it to increased risks from overseas. Naturally, someone is going to get in trouble for this massive security failure, but it's not going to be Microsoft. If they caught, that is.