Another NSA Cyber Weapon Stolen By Hackers! Widespread Damage Expected

Isaac Cain
May 18, 2017

In the wake of the attack, which also goes by the name WannaCrypt, a top executive at Microsoft criticized the government for stockpiling software vulnerabilities and keeping them secret.

Stock exchanges - the BSE and the NSE - have advised trading members to undertake "appropriate actions" tackle any threat from the ransomware WannaCry, which has hit computers and networks across the world.

The "ransomware" infected computers' encrypted files, effectively making them inaccessible, and presented a window demanding $300 in Bitcoin to regain access.

Throughout the day other, mainly European countries, reported infections. "There are so many copycats in cyber crime that will duplicate this attack‚" said Professor Basie von Solms‚ director of the University of Johannesburg's Centre for Cyber Security.

The BBC reported on Monday that 16 of the 47 NHS trusts affected by the cyber attack were still experiencing issues. What was going on? "To protect your computer from such malicious malwares, one should be aware of the security measures and install all necessary updates", Dinesh Yadav, superintendent of police (city), said in a press note. In most cases, the malware infects computers through links or attachments through phishing emails. Kaspersky Lab says that the majority of affected systems were in Russian Federation. The industry term for this type of super-vigorous ransomware: Ransomworm. I think that's where most of the issue comes from, from a business continuity perspective.

The Electronic Frontier Foundation also called for more visibility into the government's use of security flaws, saying Wanna Cry "points to the need for transparency into and reform of how the government handles software vulnerabilities it retains". "This is why they call it ransomworm".

A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, U.S. May 15, 2017.

NSA does not discuss its capabilities, and some computer experts say the MS17-010 exploit was developed by unknown parties using the name Equation Group (which may also be linked to NSA). The problem is that not all customers installed the patch.

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests.

More news: Phoenix Will Pick Fourth — Sun Burned

Most of the vulnerabilities targeted by the leaked exploits had already been patched by that time, including EternalBlue, which Microsoft fixed in March. According to a recent report by StatCounter, Windows 7 accounts for almost 60 percent market share for desktop Windows versions in India, followed by Windows 10 with almost 20 percent market share.

While authorities can and do use security flaws to gather intelligence, companies such as Microsoft want to be told about vulnerabilities so they can patch the holes in their security and protect their users from attacks such as WannaCry.

First, keep up to date on patches to Windows and all your other platforms.

In addition to the education sector, a number of immigration checkpoints were paralyzed because the public security network was infected.

"The massive malware attack that hit multiple countries has caused chaos and has shut down vital institutions such as hospitals", U.S. Representative Ted Lieu (D-CA) said Friday in a statement.

Third, don't be complacent with the usual ways that malware spreads.

This incident also reignited debate over government stockpiles of vulnerabilities, with Microsoft President and Chief Legal Officer Brad Smith noting on his blog, "We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world". That means you can't train your way out of this.

According to the BSA Global Software Survey, 58 percent of the software tools used in India in 2015 was pirated, with a commercial value of $2.68 billion.

Other reports by LeisureTravelAid

Discuss This Article