Cyber attack 'wake-up call for governments — Microsoft chief

Share

Security wonks are calling it the biggest cyberattack ever.

WannaCry takes advantage of a vulnerability in Microsoft Windows.

The government is not legally bound to notify at-risk companies.

For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt.

Cyber bad guys have spread ransomware, known as WannaCry, to computers around the world.

Late Friday, Representative Ted Lieu announced he is working on legislation to reform the Vulnerabilities Equities Process, which is how the government decides when to disclose vulnerabilities. It was originally developed by the NSA and used as a backdoor into systems. "We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world". Microsoft has quickly been issuing fixes to contain the situation. Lieu said the current disclosure process is not transparent, and often misunderstood.

Smith said Microsoft has the "first responsibility" to address the problem. Several security research teams report that they are working on decryption tools, but none are now available. "No matter how this was disclosed or when it was disclosed, some percentage of businesses would not have applied". They were forced to reschedule patients, and people were warned to stay away from emergency rooms if possible.

More news: Google AdSense To Remove Ads From Pages Vs Whole Site

Machines infected included those at United Kingdom hospitals, prompting Microsoft to release a free patch for Windows XP and versions of Windows in their end-of-life. Those facilities are not unique.

Organizations running older Windows software couldn't patch immediately because there was no patch available.

The company says that it's now taking a "highly unusual" step by releasing public patches for Windows versions that are in custom support only. "Later, attackers could even operate the needed updates and solve various vulnerabilities on devices, so no one else exploits them". While this particular ransomware was inadvertently stopped, hackers could modify the code and try again.

Dame Fiona and the Care Quality Commission wrote to Mr Hunt to highlight a "lack of understanding of security issues", the newspaper said, and that "the external cyber threat is becoming a bigger consideration".

Apple's Mac computers were not targeted by this ransomware attack.

The recent WannaCry ransomware attack, which spread to more than 100 countries, is only the beginning in a series of similar attacks, according to Cătălin Coșoi, head of the Bitdefender's investigation team coordinating the relations of the company with institutions such as NATO, Europol, Interpol, or national response centers to cyber-security incidents, Agerpres reported.

Share