WannaCry Ransomware: Microsoft Calls Out NSA For 'Stockpiling' Vulnerabilities


Tarun Kaura, Director -Product Management - Asia Pacific Japan, Symantec said, "In 2016, we identified over 100 new malware families released into the wild, more than triple the amount seen previously, and a 36% increase in ransomware attacks worldwide".

"Organizations need to update their software", Kristy Campbell, chief spokeswoman for the cybersecurity firm Proofpoint Inc., told NBC News on Sunday.

The so-called WannaCry ransomware locks access to user files and in an on-screen message demands payment of $300 (275 euros) in the virtual currency Bitcoin in order to decrypt the files.

Other high-profile victims include hospitals in Britain, the Spanish telecoms giant Telefonica, French carmaker Renault, US package delivery company FedEx, Russia's interior ministry and the German rail operator Deutsche Bahn.

"It's unequivocally scary", said John Dickson of the Denim Group, a USA security consultancy. For ordinary computer users, straightforward laziness stands in the way of more frequent patching. In the United Kingdom, the National Health Service's systems across 48 localized trusts fell victim, for example, seriously impacting patient care.

The Wall Street Journal is reporting that the virus manages to use Port 445, which is a non-connected location Microsoft uses to communicate between computer and peripheral - like a printer.

Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices. "All calls on this number will be handled by malware specialists, who will guide people on prevention and remediation". But suppose some real professionals secretly hacked unknown NSA zero-day exploits, and built a worm created to attack American financial systems or critical infrastructure?

The researcher, tweeting as @MalwareTechBlog, said that the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.

There is a Kill-Switch domain, which should not be blocked because it is known to have helped kill the ransomware.

Miller warned that companies should still be vigilant and that new versions of the virus are lurking. However, the latter version is non-functional and seems to have been a test by someone who manually patched the binary to remove the kill switch, rather than recompiling it from its original source code. "They must also enable automatic updates in their computer or laptop systems", added Yadav, reported Hindustan Times.

I suspect that this case was actually an accident, that the bad guys were developing the code and accidentally released it early because their payment infrastructure was broken, and they really have no way of actually collecting the money. In the last 14 months, Kalember said, there have been new variants of ransomware every two to three days.

The hackers remain anonymous for now, but it appears that they are amateurs.

Microsoft Corp President Brad Smith sharply criticized the USA government on Sunday for "stockpiling" software flaws that it often can not protect, citing recent leaks of both NSA and Central Intelligence Agency hacking tools.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem".

Edward Snowden, the whistleblower who exposed the broad scope of NSA surveillance in 2013, tweeted, "If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened".

In addition, it's important to run antivirus or other security software, and keep a separate backup of all your important data, so that if your PC does get hijacked by ransomware, your personal files aren't at risk.

Global standards should compel countries not to stockpile or exploit software vulnerabilities, Smith says.

Some major technology companies, including Google and Facebook, declined comment on the Microsoft statement.

While the attack did hit networks, the access point to those networks was through computers that had not been updated with a patch Microsoft released in March. "But it shouldn't proactively push out the patches, as there are usually some business reasons why companies are still running old and unpatched systems", he said.



Related Posts

© 2015 Stump Report. All Rights reserved.