Security experts find clues to ransomware worm's lingering risks

The Shadow Brokers'

WannaCry ransomware attack: Microsoft held back the security patch update, that could have slowed down the attack, says a report.

Since increasing numbers of systems running older versions of Windows were affected, Microsoft had chose to push an emergency patch for Windows XP and Windows Server 2003, urging users to deploy the patch as soon as possible to limit the impact of WannaCry.

People running older software will often claim that they're clinging to it because they can't afford to buy newer computers, or because now supported operating systems conflict with another piece of software that they're using. ATMs in India remain shut due to Wannacry Ransomware attack? But Smith didn't stop there.

"This is hypocritical of the U.S., to say the least, because no other country has mounted such wide-ranging, costly and long-term surveillance operations in the history of the internet as the NSA's PRISM and other spy programs".

"For all intents and purposes, I'm with Brad Smith on this", said King.

While the sequence of actions leading up to the worldwide hack are still obscure, it is maintained that the NSA warned Microsoft its hacking tool had been stolen and the company issued a patch in March. Those include a known and highly risky security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business and government networks.

One of the most common single point of failures when building security software is the human factor.

Shame on Microsoft, says Chris Merriman in The Inquirer.

"NSA identified a risk and communicated it to Microsoft, who put out an immediate patch", Mike McNerney, a former Defense Department cybersecurity official, told the Post.

It said it was "taking pride in picking adversary equal to or better than selves, a worthy opponent" and that it was "always being about theshadowbrokers vs theequationgroup [a sophisticated hacking team believed to be operated by the NSA ]".

WannaCry: How To Defend Against The Ransomware Attack
India is at increasing risk of falling prey to ransomware, the malware that has been ravaging computer systems worldwide. The ransomware exploited a vulnerability that has been patched in updates of recent versions of Windows since March.

"Customers have to take at least a little responsibility for their own security", said Olds.

"Keeping critical updates automatic ensures you get the patches as soon as they're available", Staats said. Further threats included the files being permanently deleted if the user did not pay up, or the amount tripling if not paid within three days.

The malware only affects Microsoft's Windows operating system, exploiting a vulnerability in it.

Use the latest Operating System.

Samir Shah, CEO Aurionpro said, "In most hospitals, on average, 11 per cent have equipment that run older versions of Windows".

It also expressed fear that figure of affected computers and countries is likely to grow with time especially "as people use their computers if their IT has not been updated and their security systems patched over the weekend".

Rob Enderle, principal analyst with Enderle Group, agreed. "We have seen earlier that black hats would mainly attack and deface Indian websites but now the objective is mainly money".

Ultimately, "Microsoft will take a lot of heat for this, but in this instance, they performed as rapidly as they could, they have a right to be [angry]".

Russia's relationship to cyber crime is under intense scrutiny after US intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the USA presidency by hacking Democratic Party servers.

The hope is that WannaCry will spur organizations on to finally migrate away from Windows XP, and the threat of further ransomware outbreaks driven by fresh Shadow Broker-peddled exploits should underline the urgency here.

Related:

Comments


Other news