In Asia, where many offices closed before the WannaCry ransomware struck on Friday, the attack has been less severe than expected.
“Because the list of vulnerable Windows PCs can be found through a simple internet scan and the code can be executed remotely, no interaction from the user is needed”. The spread of the program across National Health Service (NHS) computers forced doctors to switch to pen and paper and continued to affect care days after it initially hit.
Microsoft’s chief legal officer Brad Smith has voiced direct criticism of the US National Security Agency for not revealing the details of the vulnerability that was at the root of the WannaCry ransomware. But not everyone updates promptly or has the access to update their systems, leaving untold numbers of vulnerable computers around the world.
Since increasing numbers of systems running older versions of Windows were affected, Microsoft chose to push an emergency patch for Windows XP and Windows Server 2003, urging users to deploy the patch as soon as possible to limit the impact of WannaCry. This particular vulnerability was patched in modern versions of Windows around two months ago; if system updates had been implemented more regularly across agencies and businesses, this attack wouldn’t have got as far as it did.
It told customers to update their computers as millions could be affected by the WannaCry virus today. Thousands of private and public sector organisations across dozens of countries faced inoperable computers on Friday, and the attack forced hospitals in the U.K. to cancel procedures and use only pen and paper. However, the immediate preventive measure before any more ransomware attacks emerge is to upgrade all Windows systems, said the security firm. And they’re blaming the US government for stockpiling cyber weapons.
Smith went on to describe the situation as the equivalent of U.S. Tomahawk cruise missiles getting stolen from military stockpiles. Because of the extremely high impact, Microsoft has made a decision to issue patches for ALL operating systems, including the unsupported ones.
Governments should heed the attack as “a wake-up call”, the tech exec wrote – adding they must “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits”.
“It spread very, very quickly”, Smith said. “Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers”.
“This is an emerging pattern in 2017”. And, while the company did issue early fixes for its newer operating systems, patches for older Windows systems were only issued free of charge over the weekend, after the attacks began.
Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.
“With the success of the initial infection of WannaCry, it wouldn’t be at all surprising to see the next iteration released soon”, said Millard in emailed remarks sent to eWEEK.