Wednesday, 26 July 2017

Microsoft Charged for 'WannaCry' Patch

20 May 2017

"Our government, our businesses, our trade secrets and our citizens' most sensitive information are all facing constant cyberattacks...."

The attack took advantage of a vulnerability in the Windows operating system that the federal government had been aware of for years but had chosen not to tell Microsoft about until just months before the WannaCry attack began.

The U.S. government clearly had its priorities wrong in not focusing on better protecting these cyberweapons, he said.

But many users who were infected by WannaCry did not install the patch. Starting first in the United Kingdom and Spain, the malicious "WannaCrypt" software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. "Microsoft can't be proud".

It also expressed fear that the number of affected computers and countries is likely to grow with time, especially "as people use their computers if their IT has not been updated and their security systems patched over the weekend".

Furthermore, Smith emphasized that governments' stockpiling of vulnerabilities is a problem.

Incidentally, Microsoft did issue a patch to quash the exploit in March. Most experts believe that the ransomware was stolen from the US National Security Agency (NSA).

Microsoft says the attack may evolve over time, and customers should consider blocking legacy protocols on their network.

It is a completely different picture for small companies that don't have easy access to cash for upgrades or access to the highly-skilled resources of government experts or even IT departments.

Still, he said Microsoft should accept some responsibility.

On the off chance your Windows Update isn't showing any new patches, you might have already installed it if your PC automatically updated itself, or you might be running an ancient version of Windows that no longer receives mainstream updates.

WannaCry is the name of the ransomware that targets the Microsoft Windows operating system.

Microsoft President Brad Smith said Sunday that the United States government's approach to cybersecurity is unsafe and contributed to a major global cyberattack last week. As one researcher put it, "enterprises often face a stark choice with security patches: take the risk of being knocked off the air by hackers, or take the risk of knocking yourself off the air".

Security agencies have so far not been able to identify who was behind the attack.

Keep security software up to date. Luckily, there are a few steps you can take to protect yourself from it, and most other versions of ransomware.

"It's not rocket science", Litan said. However, he did warn that following the patching advice from Microsoft and the Federal Bureau of Investigation should be a top priority to stop the spread, which has hit a number of high-profile companies, including FedEx. Asked what the company is doing to prevent such exploitations, he cited "basic IT security blocking and tackling".

Dubbed EternalBlue, the exploit allowed WannaCry to effectively infect neighbouring computers on a network using Windows' SMB v1.0 (file sharing) protocol. In fact, to recall, Microsoft recently issued a patch for unsupported OS versions such as Windows XP, Windows Server 2003, and Windows 8.

"This is the biggest and most explosive ransomware attack on record", says Adam Levin, CyberScout founder and author of Swiped. If they are caught, that is.

They exploited a perfect storm of factors - the Windows hole, the ability to get ransom paid in digital currency, poor security practices - but it's unclear if the payoff, at least so far, was worth the trouble.
