Jeudi, 21 Février 2019
Latest news
Main » US security agency should take some blame for ransomware attack: Chinese media

US security agency should take some blame for ransomware attack: Chinese media

20 Mai 2017

"Whether or not you think the US government should be spending a fortune developing such cyber-weapons, surely it is obvious that the weapons they develop should be properly secured", said Phillip Hallam-Baker, principal scientist for New Jersey-based cybersecurity firm Comodo, in an emailed statement.

This story doesn't feel too surprising.

Back up files regularly on systems that are not connected to your main system.

"Hopefully people are learning how important it is to apply these patches", said Darien Huss, a senior security research engineer for cybersecurity firm Proofpoint, who helped stem the reach of the weekend attack.

Even then, there are a number of precautions that people who insist on running outdated programs can take to greatly increase their security, such as running them in virtual machines, via emulators or behind firewalls, or disconnected from the web entirely. Microsoft did issue patches for the vulnerabilities before the attacks took place, but not everyone downloaded them.

The hacker, whose are yet to be recognised employed a technique, allegedly stolen from the US National Security Agency for targeting the market-leading Windows operating system of Microsoft.

As we saw at the end of last week, WannaCry hit the NHS badly because it's still using Windows XP systems which have been unsupported and without security patches for over three years now. Other affected devices include Microsoft Windows installations without the security patch issued by the company earlier in March 2017. Under "Control Panel", head to "System and Security", and click "Windows Firewall". When public XP support ended in 2014, the government said it expected the majority of its machines to be upgraded within a year. Some reports Sunday suggested that this has already happened.

Now the shadowy group has announced that they plan to sell more exploits to anyone willing to pay, on a monthly basis, starting next month in June. This crypto-ransomware works by infecting a user's files and making them inaccessible until a ransom is paid, in money or Bitcoin, with a threat that failure to pay will result in the data being destroyed. Spanish carrier Telefonica, German railway Deutsche Bahn, FedEx, and a host of other organizations were also hit and forced to curtail their normal activities. Brad Smith, Microsoft's top lawyer, criticized US intelligence agencies for "stockpiling" software code that can be used by hackers.

Though the WannaCry worm was one of the largest cyberattacks in history, it still might not be enough to shift everyone off old technology.

Since Friday, May 12, malicious software named WannaCry has spread around the world in a massive cyberattack that has affected Windows computers in hospitals, government agencies and businesses. One source suggests that more than 10% of all desktop PCs run Windows XP, and a significant portion of those victims will likely be small businesses.

"What really makes the magnitude of this attack so much greater than any other is that the intent has changed from information stealing to business disruption", said Samil Neino, 32, chief executive of Los Angeles-based Kryptos Logic. Currently, that amount is worth $1.76 billion.

It is a completely different picture for small companies that don't have easy access to cash for upgrades or access to the highly-skilled resources of government experts or even IT departments. "Otherwise they're literally fighting the problems of the present with tools from the past". It has not responded to repeated requests for comment about the ransomware attack.

Why was the WannaCry attack so bad?

US security agency should take some blame for ransomware attack: Chinese media