“Whether or not you think the USA government should be spending a fortune developing such cyber-weapons, surely it is obvious that the weapons they develop should be properly secured”, said Phillip Hallam-Baker, principal scientist for New Jersey-based cybersecurity firm Comodo, in an emailed statement.
The infections spread quickly, reportedly hitting as many as 100 countries, with Russian systems affected apparently more than others. “The particular malware, aptly titled ‘ransomware” is named WannaCry and was created by hackers after they got their hands on a treasure trove of super-secretive cyber-attack tools from USA’s National Security Agency last month. It encrypts all the data it can find then demands a ransom for the encryption key.
Microsoft pointed that, “The governments of the world should treat this attack as a wake-up call”.
If the trend continues, using pirated software will be embedded in India’s computing culture, putting the country’s cybersecurity more at risk.
The argument that it’s the NSA’s fault has merit, according to Alex Abdo, staff attorney at the Knight First Amendment Institute at Columbia University.
In the blog post, the group said it was setting up a “monthly data dump” and that it could offer tools to break into web browsers, network routers, phone handsets, plus newer exploits for Windows 10 and data stolen from central banks. By taking the following steps, entrepreneurs can ensure their company – and by extension their livelihood – is protected from cyberattacks like WannaCry. “When a design flaw is discovered in a vehicle, manufacturers issue a recall”. This made the companies using this operating system more vulnerable. “Microsoft knew about this vulnerability – how widely it could get exploited”, he said. (Note: the “Windows Update” section is also handy for showing you updates that are now being downloaded or applied.) Under “Advanced Options“, just make sure the drop down box is set to “Automatic”. It had done a patch for the ransomware in March and it rolled it out to millions of their machines. And many computer networks, particularly those in less developed parts of the world, still use an older version of Microsoft software, Windows XP, that the company no longer updates.
But many users had not installed the patch by the time EternalBlue was dumped on the Internet in April. That could saddle the company with the XP albatross for many years past when it hoped to be free from having to maintain the software. After that, the malicious code was able to easily travel to a broader network of computers that were linked together through the Windows file-sharing system.
Users should also avoid providing personal information or information about their organization, including its structure or networks, CERT says, unless they are certain of a person’s authority to have the information. “That’s going to become a more common practice”. But the WannaCry affair has done some public service.
An independent research by Quick Heal Technologies, a cyber-security firm, shows that about 48,000 computers were attacked by the ransomware WannaCry, with most incidents in West Bengal. But in this case, according to Kaspersky Lab, the shared code was removed from the versions of WannaCry that are now circulating, which reduces the likelihood of such a “false flag” attempt at misdirection.
Microsoft patched the vulnerability a month earlier, presumably after being alerted by the NSA that the leak was imminent. They are naturally immune to such things due to their system architecture, and their open-source nature that allows anyone in the world to suggest changes.
Microsoft has already issued a warning to users that they need to update their software, and are also pointing to a page with instructions for how to disable Server Message Block as a temporary solution. “Occasionally mistakes happen”, he added.