A cyber-attack that hit 150 countries since Friday should be treated by governments around the world as a “wake-up call”, Microsoft has said.
The firm analysed the malicious software and found that the wormable component is based on the EternalBlue exploit that had been leaked in a data dump allegedly coming from the NSA. Under current laws, they don’t have to report the flaws to the company at risk.
“All GP surgeries did open, though some of them had to use pen and paper. If your operating system does not have the specific hotfix installed, then you are vulnerable and need to update immediately”, continued the spokesperson.
Microsoft released a security patch for the vulnerabilities in March.
The ransomware virus is so lethal and smart that “it also drops a file named ‘!Please Read Me!.txt’ which contains the text explaining what has happened (to the computer) and how to pay the ransom”.
Late Friday, Representative Ted Lieu announced he is working on legislation to reform the Vulnerabilities Equities Process, which is how the government decides when to disclose vulnerabilities.
“The very nature of this particular malware, this sort of ransomware attack, is very potent because unlike more routine ones this one has used a sort of worm to exploit the operating system and bolted on a ransomware so that it spread incredibly quickly in hours not weeks or days”, Wallace said.
LONDON, May 15 (Reuters) – The most disruptive cyber attack in the history of Britain’s National Health Service propelled a debate over state hospital funding to the centre of the election campaign on Monday, though officials said there had been no second wave of infections.
Telefónica: Spanish authorities confirmed the Spanish telecom company Telefónica was one of the targets, though the attack affected only some computers and did not compromise the security of clients’ information. Lieu said the current disclosure process is not transparent, and often misunderstood. “Because they could have done something ages ago to get this problem fixed, and they didn’t do it”.
Some privacy advocates say that if the NSA had disclosed the vulnerability when it was first discovered, the outbreak may have been prevented.
Colleges: Internet security firm Qihoo360 issued a “red alert” over the weekend, saying a large number of colleges and students in China had been hit by the ransomware attack. Organizations had two months to update their Microsoft products, which would have protected their systems. “No matter how this was disclosed or when it was disclosed, some percentage of businesses would not have applied”.
At least one hospital was affected, according to police. Before Friday’s attack, Microsoft had made fixes for older systems, such as 2001’s Windows XP, available only to those who paid extra for extended technical support. Those facilities are not unique.
Following a meeting of the Government’s Cobra contingencies committee, Home Secretary Amber Rudd said more than a million patients had been treated in the course of Monday. Microsoft also recommends running its free anti-virus software for Windows. This includes new security functionality across our entire software platform, including constant updates to our Advanced Threat Protection service to detect and disrupt new cyberattacks.
Researchers say this type of ransomware will continue.
A United Kingdom-based security researcher who goes by the name MalwareTech put a stop to the spread of WannaCry on Friday by registering a domain name he discovered in the ransomware’s code.