"Our government, our businesses, our trade secrets and our citizens' most sensitive information are all facing constant cyberattacks...."
The attack took advantage of a vulnerability in the Windows operating system that the federal government had been aware of for years but had chosen not to tell Microsoft about until just months before the WannaCry attack began.
The U.S. government clearly had its priorities wrong in not focusing on better protecting these cyberweapons, he said.
But many users who were infected by WannaCry did not install it. Starting first in the United Kingdom and Spain, the malicious "WannaCrypt" software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. "Microsoft can't be proud".
It also expressed fear that the number of affected computers and countries is likely to grow over time, especially "as people use their computers if their IT has not been updated and their security systems patched over the weekend".
Furthermore, Smith emphasized that governments' stockpiling of vulnerabilities is a problem.
Microsoft says the attack may evolve over time, and customers should consider blocking legacy protocols on their network.
It is a completely different picture for small companies that don't have easy access to cash for upgrades or access to the highly-skilled resources of government experts or even IT departments.
Still, he said Microsoft should accept some responsibility.
On the off chance your Windows Update isn't showing any new patches, you might have already installed it if your PC automatically updated itself, or you might be running an ancient version of Windows that no longer receives mainstream updates.
WannaCry is the name of the ransomware that targets the Microsoft Windows operating system.
Microsoft President Brad Smith said Sunday that the United States government's approach to cybersecurity is unsafe and contributed to a major global cyberattack last week. As one researcher put it, "enterprises often face a stark choice with security patches: take the risk of being knocked off the air by hackers, or take the risk of knocking yourself off the air".
Security agencies have so far not been able to identify who was behind the attack.
Keep security software up to date. Luckily, there are a few steps you can take to protect yourself from it, and most other versions of ransomware.
"It's not rocket science", Litan said. However, he did warn that following the patching advice from Microsoft and the Federal Bureau of Investigation should be a top priority to stop the spread, which has hit a number of high-profile companies, including FedEx. Asked what the company is doing to prevent such exploitations, he cited "basic IT security blocking and tackling".
Dubbed EternalBlue, the exploit allowed WannaCry to effectively infect neighbouring computers on a network using Windows' SMB v1.0 (file sharing) protocol. In fact, Microsoft recently issued a patch for unsupported OS versions such as Windows XP, Windows Server 2003, and Windows 8.
"This is the biggest and most explosive ransomware attack on record", says Adam Levin, CyberScout founder and author of Swiped. If they are caught, that is.
They exploited a perfect storm of factors - the Windows hole, the ability to get ransom paid in digital currency, poor security practices - but it's unclear if the payoff, at least so far, was worth the trouble.