Microsoft blames US stockpiled vulnerability for ransomware attack

The stockpiling of vulnerabilities by governments is a big problem, the company said

Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments.

Referring to the attack as a “wake-up call,” Microsoft’s President and Chief Legal Officer, Brad Smith wrote in a blog post that governments have "to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

The ransomware, also called WannaCry or Wana Decryptor, works by exploiting a vulnerability in some older versions of Windows. It has been suspected for some time now that the malware came from a cache of hacking tools reportedly stolen by hacking group Shadow Brokers from the NSA and leaked on the internet.

WannaCry is said to take advantage of a NSA hacking tool, called EternalBlue, that can make it easy to hijack unpatched older Windows machines.

Microsoft is now confirming that the WannaCrypt exploits used in the attack on Friday were drawn from the trove of exploits stolen from the NSA.

"Until this weekend's attack, Microsoft declined to officially confirm this, as US Gov refused to confirm or deny this was their exploit," wrote NSA whistleblower Edward Snowden in a tweet.

On March 14, the company had released a security update to patch the vulnerability. “While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally,” Smith wrote. “As a result, hospitals, businesses, governments, and computers at homes were affected.”

On Friday a number of agencies and businesses around the globe, including the U.K.’s National Health Service, were disrupted by the malware, which is estimated to have hit over 100,000 organizations in 150 countries, Rob Wainwright, executive director of Europol, the European law enforcement agency, told ITV.

Microsoft rolled out over the weekend a patch for Windows XP, Windows Server 2003 and Windows 8, which are operating systems for which it no longer provides mainstream support.

There are apprehensions that a second wave of the attack may arrive Monday as employees return and switch on affected computers. The attackers could also hit back with a variant of the malware that does not have a provision for the “kill switch” found by a researcher to stem the first round of attacks.

"Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP," wrote the researcher on Twitter.

Microsoft called in February for a “Digital Geneva Convention” laying down the rules for the protection of users from state cyber attacks, including a requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” Smith wrote.

Exploits in the hands of governments have repeatedly leaked into the public domain and caused widespread damage, wrote Smith, who compared the leaks of CIA and NSA vulnerabilities to the U.S. military having some of its Tomahawk missiles stolen.

“This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action,” he added.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Ribeiro

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?