Microsoft Slams NSA Over Ransomware Nightmare

It's one thing to fall victim to a burglar.

Do you have to open an email attachment to be infected?

The ransomware was temporarily blocked after its onslaught on Friday, but reports from several countries showed that the first series of attacks could be a start of more unsafe cyber intrusions. European countries were hit the hardest, and business ground to a halt at several large companies and organizations, including banks, hospitals, and government agencies.

However, there are measures that can be taken to protect those systems, like isolating them on network segments where access is strictly controlled or by disabling unneeded protocols and services.

Officials across the globe scrambled to catch the culprits behind a massive ransomware worm that disrupted operations at auto factories, hospitals, shops and schools, while Microsoft pinned blame on the U.S. government for not disclosing more software vulnerabilities. The increasing prominence of cyberattacks and the speed and size of the WannaCry incident could prompt more soul-searching and litigation than the many viruses before it. "Although there has been a significant amount of interest in the media and inescapable coverage of the outbreak, many systems will still be lacking the MS17-010 patch required to mitigate the threat". Prior to joining FCW, he was Kabul Correspondent for NPR, and also served as an global producer for NPR covering the war in Libya and the Arab Spring. Since the attack, Microsoft has released a highly unusual Windows XP update.

Microsoft has already identified the way this specific strain of ransomware spread from device to device, and has issued a issued a fix. A tool originally used by the NSA to hack into PCs before being made public by the Shadow Brokers group last month was used to distribute the virus.

"The odds of getting back their files decrypted is very small", said Vikram Thakur, technical director at security firm Symantec. Updating software will take care of some vulnerability. However, there was no official information in this regard from the RBI in this connection till late evening.

It's possible no lawsuits will arise from the WannaCry outbreak. Staff said they would continue to monitor and update their systems as a precaution.

Where you have embedded systems, ensure that your vendor can provide an upgrade path as a priority. Others affected include Nissan Motors, FedEx, China National Petroleum, Renault SA, Deutsche Bahn, Russian bank Sberbank, the Yancheng police department in China, the Russian Interior Ministry, and Hitachi to name a few.

Some think that the root of all these come from the National Security Agency, more commonly known as the NSA.

Microsoft is criticizing government agencies for hoarding software flaws and keeping them secret, calling a massive, new ransomware attack a "wake-up call" to this problem.

  • Arturo Norris