Published: Sat, May 20, 2017
Hi-Tech | By Grace Becker

Microsoft Points Finger at NSA in Ransomware Outbreak

You should make multiple backups - to cloud services and to physical disk drives, at regular and frequent intervals.

In China, the internet security company Qihoo360 issued a "red alert" saying that a large number of colleges and students in the country had been affected by the ransomware. They, too, should regularly update with software patches as they're issued.

Install Microsoft's official patch. Also known as "WannaCryptor 2.0" or simply "WCry 2.0", the virus hits Russian Interior Ministry, Russian Railways and mobile service provider Megafon. Users who keep their patches up-to-date - admittedly, a hard task in environments where patches may interfere with the operation of legacy software, or those who still run unsupported operating systems - are at less risk. "While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally".

The government has long acknowledged the need to update its old IT systems. The thawing may be partly credited to a 22-year-old researcher who found a "kill switch" that slows the spread of the virus by simply registering a website name, the Wall Street Journal reported.

Reports have it that sixteen National Health Service (NHS) organizations in the United Kingdom have been reportedly hit with some of the hospitals cancelling outpatient appointments. But a report at the end of 2016 suggested that 90% of NHS trusts still had at least one XP system.

Referencing Microsoft ditching support for Windows XP in 2014 - despite the software remaining in widespread public and private use - Omand asked: "Should Microsoft have stopped supporting Windows XP so soon, knowing that institutions had invested heavily in it (at the urging of the company at the time)?" For example, a hospital X-ray department using an XP-based machine might need a new version of the software that controls its X-ray machines.

Nadal sees off Djokovic in semi-finals — Madrid Masters
The ball was bouncing very high. "I don't think it changes a lot for me". "After that, I calmed down". I just try to focus. "I take more positives than negatives into the next week in Rome".

Fourth, companies and government agencies ignored Microsoft's clear warning to fix the vulnerability that WannaCry exploited. So even if the recent ransomware attack acts as a necessary wake-up call, there's still a perceived safety net.

To better respond to the threat from the other side, smaller security firms have banded together to create alliances, like the group of French companies who formed Hexatrust in 2014.

WannaCry in that sense is just the tip of the iceberg. A modified version of the exploit was used to carry out the ransomware attack that hit machines in more than 150 countries, including those at hospitals and major corporations.

Since the NSA had known about this Windows 10 vulnerability without telling Microsoft, Smith argued, the agency is at least partially to blame. Essentially, it's a specific type of cyber attack that demands ransom from its victims. Our own National Security Agency discovered that vulnerability and weaponized it, kind of like turning a vitamin-deficient food into a deadly poison. Check before opening attachments or clicking on links (hovering the cursor over a link will reveal the actual destination URL, which may differ from that in the text they see), even if the apparent sender is someone familiar.

"While it would be satisfying to hold accountable those responsible for this hack - something that we are working on quite seriously - the worm is in the wild, so to speak, at this point, and patching is the most important message as a result", said Bossert.

"It has clearly been a rapidly increasing market for many years, particularly in the last two or three years", said Gerome Billois, a cyber security expert with consulting firm Wavestone.

Like this: