Microsoft Blames Spy Agencies For Ransomware Attack


In a blog posted Sunday, Microsoft President Brad Smith weighed in on of the biggest debates in cybersecurity: vulnerability disclosure.

This ransomware, called WannaCry, encrypts a victim's files, demanding a bitcoin payoff if the target ever wants to see them again - caused widespread damage over the weekend.

Following the alert, the Gujarat government began equipping its state computer systems with anti-virus softwares and upgrading its Microsoft operating systems. This worldwide ransomware attack was perpetrated through the Windows operating system, meaning that only PCs were affected.

Furthermore, Smith emphasized that governments' stockpiling of vulnerabilities is a problem.

Microsoft had already released fixes to the vulnerability in March, but has provided further updates and reminders to users.

WannaCry, also known as WannaCrypt or Wanna Decryptor, is reportedly based on exploits developed by the U.S. National Security Agency before being stolen and leaked by a group called the Shadow Brokers in April.

While the NSA has not commented on either the WannaCry attack or Microsoft's response, Tom Bossert, President Trump's Homeland Security advisor discussed at Monday's daily White House press briefing that the infection rate has been relatively low in the USA compared to overseas infection rates, and that no federal systems have been compromised.

"This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it's something every top executive should support", said Smith.

The Reserve Bank of India (RBI) also asked all banks to put in place a software update at ATMs to prevent their systems from a malware that has attacked payment systems across the world. This is an emerging pattern in 2017.

"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen", Smith said.

Friday's WannaCry ransomware outbreak infected over 200,000 of computers in 150 countries, including crippling the U.K National Health Service.

Microsoft in March released a patch for users to remove the vulnerability, but long-standing delays in updating major systems-such as the National Health Service (NHS) in the United Kingdom -exacerbated by a lack of support from the software company, allowed the attack to spread quickly around the world.

Security researchers have been warning that this would happen for years now.

But it would still affect computers that did not have their software updated.

Instead of developing hacking tools in secret and holding them for use against adversaries, governments and intelligence agencies should share weaknesses they find with Microsoft and other software makers so that vulnerabilities can be repaired, he said.