Microsoft slams the government for stockpiling software exploits

The infamous whistleblower who curently calls Russian Federation home spoke on Monday via video link at a Washington DC security conference.

With global security reports counting India amongst the worst affected countries, public and private agencies have been working overtime to firewall their systems from any possible attack.

WannaCry, a ransomware package that held over 250 000 computers in 150 countries hostage this past weekend, spread like wildfire using an exploit reportedly leaked from the NSA.

These views mirror his tweet posted last week Friday, as the WannaCry attack was in full swing.

You can learn everything you need to know about WannaCry in this post.

In August 2016, a group calling itself The Shadow Brokers began posting materials from that stolen cache of programs online. Yes, the company did release a patch, but it’s hard to blame the NHS for not updating (and The Times’ Mark Bridge points out, NHS Digital had issued a warning to use the patch on 25 April). However, a hacker could rewrite the code to omit the kill switch and start trying to infect new machines with a new version of it.

The phenomenon of companies failing to update their systems has been a persistent security problem for years.

That fix was released in March but – as with all patches – a significant number of Windows systems had not yet been updated. You have two options, upgrade to supported software or roll the dice and run unsupported software which will allow you to save some money that you will inevitably be paying out to ransomware vendors or security professionals to salvage your data in the near future. “WannaCry encrypts core system files and the operating system stops functioning”.

Though the worm is primarily affecting business, individuals with PCs running Windows should still take a few precautions. Install all Windows updates. 5. Turn on auto-updaters where available (Microsoft offers that option).

“We need to make it as easy as we can for people to patch their systems, and then customers have to apply those patches”, Smith says.

He added that the Cyber Swachhta Kendra – government’s portal on information about cyber security – is being updated on regular basis since Saturday.

Finally, always stay alert.

I have frequently blogged about human resources departments’ role in preventing data breaches in their organizations and to date have largely focused on training employees to recognize and respond phishing exploits created to encourage employees to click on email links or attachments that contain malware.

The cyberattack highlights how critical infrastructure and major organizations can be harmed by outdated software and technology.

Heather Kelly contributed reporting.