Microsoft lambasts NSA for WannaCry, time for a "wake-up call"
Although Microsoft has released a patch update to counter the ransomware WannaCry, it is now fuming at how all this came to fruition owing to the software vulnerabilities, which were exploited but not reported by the NSA. President and Chief Legal Officer, Brad Smith released an open letter asking governments to treat this as a "wake-up call." Here's all that you need to know.
WannaCry, WanaCrypt0r 2.0, WannaCry and WCry
WannaCry is a ransomware that gets into your computer, encrypts files; demanding payments in Bitcoins to give the access of the computer back to its owner. What makes WannaCry more troublesome is the fact that it is also a worm i.e. when it gets into a computer, it also starts to look for other computers on the same network, which it can creep into.
The tech giant is reaching out to its customers
More than 200,000 Windows PCs had been infected by WannaCry ransomware and more are expected soon. Microsoft started off by saying "We take every single cyber attack on a Windows system seriously, and we've been working around the clock since Friday to help all our customers who have been affected by this incident...helping those affected needs to be our most immediate priority."
Hoarding vulnerable information led to the attack
The open letter by Microsoft's Brad Smith pointed out that this entire incident could have been averted if the government didn't hoard information about security flaws in computer systems and instead shared it with vendors. Microsoft had introduced a patch way back in March, but many firms had not applied it due to some reason or the other, thus remaining vulnerable to the attack.
Stockpiling vulnerability information is becoming a pattern
Slamming the government's role, Microsoft's president remarked that, "This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017." Drawing similarities he said, "We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world."
Rules of physical weapons should apply
Smith urged all governments to take these cyber attacks "as a wake-up call" and use the same rules applied to weapons and banish the practice of stockpiling information. He also pointed out that these leaks, connect nation-state action and organized criminal action together. Microsoft said, "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."
Civilian lives are at risk
Microsoft urged governments to understand that the practice of hoarding vulnerabilities and using them for their own gain will only damage civilians, like the situation at hand and called for a "Digital Geneva Convention" to oversee and make it mandatory for governments to report vulnerabilities. The tech firm, meanwhile, has also released an update for outdated systems in a bid to counter WannaCry attack.
