Sunday, 20 May 2018
Latest news
Main » The NSA told Microsoft about EternalBlue hack used in WannaCry

The NSA told Microsoft about EternalBlue hack used in WannaCry

20 May 2017

The directive was in response to the WannaCry ransomware that took down computer systems across the world locking up critical data and demanding bitcoins as ransom for its release.

Microsoft could have slowed the devastating spread of ransomware WannaCry to businesses, reports the Financial Times. So far, not many people have paid the ransom demanded by the malware, Europol spokesman Jan Op Gen Oorth told The Associated Press.

Computers around the globe were hacked beginning last Friday using a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream technical support by the United States computing giant.

"Whether or not you think the US government should be spending a fortune developing such cyber-weapons, surely it is obvious that the weapons they develop should be properly secured", said Phillip Hallam-Baker, principal scientist for New Jersey-based cybersecurity firm Comodo, in an emailed statement. Larger organisations though may have policies that can cover damages as high as $500 - $600 million.

More news: Body dumped along Texas road after hearse stolen

Experts say it will be hard for them to replicate the conditions that allowed the so-called WannaCry ransomware to proliferate across the globe. As cyberattacks such as this continue to occur, companies will likely double down in their efforts to remain vigilant to new and more complicated threats.

It's not the first time hackers have used the leaked NSA tools to infect computers. There's Microsoft, whose ubiquitous Windows operating systems were compromised after attackers exploited a security hole. Numerous British hospitals victimized in the attack were running XP. Computers running Microsoft Windows were infected with "WanaCrypt0r 2.0 or WannaCry" ransomware.

The WannaCry ransomware attack hit 10,000 organizations and companies in more than 100 countries on Friday. According to a study by IBM ransomware attacks increased by 6,000% in 2016 and at least 40% of spam emails now carry ransomware.

Marin Ivezic, cyber security partner at PwC, said that some clients had been "working around the clock since the story broke" to restore systems and install software updates, or patches, or restore systems from backups.

More news: Former officials call Trump's disclosure "serious"

The US security firm Symantec said the attack appeared to be indiscriminate.

Jonathan Sander, chief technology officer for STEALTHbits Technologies, called WannaCry "a Frankenstein's monster of vulnerabilities with patches and exploits that were stolen from the NSA and published for all to see". But this doesn't mean those whose computers run on Apple or Linux code should feel smug.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday. "But there's clearly some culpability on the part of the US intelligence services". But U.K. hospitals, Chinese universities and global firms like Fedex also reported they had come under assault. But computers and networks that didn't update their systems were still at risk. The program would check whether an obscure website was online before propagating to other computers in the same network.

More news: Why Boston should let LeBron James score 50 points a game