Published: Sat, May 20, 2017
Hi-Tech | By Grace Becker

Global cyberattack alert as experts warn of more havoc


The malicious software used in the attack, which has the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system, was stolen from the US National Security Agency.

"An equivalent scenario with conventional weapons would be the USA military having some of its Tomahawk missiles stolen, he wrote, adding that governments should "report vulnerabilities" that they discover to software companies, "rather than stockpile, sell, or exploit them".

"This is an emerging pattern in 2017".

Exploits used in the attack were drawn from exploits stolen from the NSA.

Then there's the US government, whose Windows hacking tools were leaked to the internet and got into the hands of cybercriminals.

Smith compared the NSA losing track of its cyber weapon to the USA military having Tomahawk cruise missiles stolen.

The software giant compared the severity of the attack with "the United States military having some of its Tomahawk missiles stolen".

Pogba to return for Manchester United on Sunday
Manchester United manager, Jose Mourinho, has promised not to make mistakes in his second season in charge of the Red Devils.

In a post on Microsoft's blog, Smith says: "An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen".

He noted that Microsoft is calling for a "Digital Geneva Convention" that would require governments to report computer vulnerabilities to vendors rather than store, sell or exploit them.

WannaCry takes advantage of a vulnerability discovered by the NSA and made public by hackers in April.

In August 2016, a group calling itself The Shadow Brokers began posting materials from that stolen cache of programs online. "Cyber experts have been engaged to fix the systems", a senior police officer said. The computer system could be the PCs or laptops at workplaces, ATM machines, internet enabled PoS machines and similar such machines. The ransomware attack has affected more than 200,000 victims in 150 countries, said Rob Wainwright, head of law enforcement agency Europol. Among those hit are hospitals, universities, manufacturers and government agencies in Britain, China, Russia, Germany and Spain.

"The operating systems on our computers and software downloads are managed centrally so that regular users can not download executable files from the internet without administrative rights", he said in an email. The computer screen locks up, and displays two count-down clocks - one displaying the time until the ransom doubles and the other the time until all files are deleted. Some of the victims have reportedly regained access to their files after paying, although security experts advise against complying with ransom demands. A Twitter bot tracking the payments made to WannaCrypt now has the value paid for ransoms at $55,800. Experts say this vulnerability has been understood among experts for months, yet too many organizations either failed to take it seriously or chose not to share what they'd found.

He also said that the attack is an example of "why stockpiling vulnerabilities by the government is such a problem". As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems.

Officials urged companies and organizations to update their Microsoft operating systems immediately to ensure networks aren't still vulnerable to more powerful variants of the malware known as WannaCry or WannaCrypt. So even people with older computers should go update them. Meanwhile, he has also warned that a new version of the virus has apparently already been released.

Like this: