Defending Yourself - and Your Computer - From WannaCry Ransomware

Fernando Stephens
May 18, 2017

While banks and critical organisations have tightened their security systems following the weekend's global WannaCrypt ransomware assault, there is a blame game brewing in the US over who was responsible.

The WannaCry worm has affected more than 200,000 Windows computers around the world since Friday, disrupting auto factories, global shipper FedEx Corp and Britain's National Health Service, among others.

Capitalising on spying tools developed by the US National Security Agency (NSA), the ransomware attack has infected tens of thousands of computers in 104 countries, though at this stage relatively few in Australia.

The result paralyzed the computers of massive organizations across the globe and demanded an unlocking ransom of $300 in bitcoins.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem", Microsoft President and Chief Legal Officer Brad Smith said in a blog post on Sunday, comparing the recent leaks of NSA and Central Intelligence Agency hacking tools to, in the real world, the theft of cruise missiles. The problem is that once those vulnerabilities become public, they can be used by others. Updating software will take care of some vulnerability.

Although the argument that it's the NSA's fault has merit, Microsoft should shoulder blame too, according to Alex Abdo, staff lawyer at the Knight First Amendment Institute at Columbia University. Still, he said Microsoft should accept some responsibility.

Over two lakh computers in at least 150 countries are said to have been infected, according to Europol, the European Union's law enforcement agency. "It is very hard to hold software manufacturers accountable for flaws in their products".

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem", the company said in a blogpost.


National Informatics Centre, which manages government websites, and the Centre for Development of Advanced Computing installed security patches issued by Microsoft to immunise their Windows systems.

The virus targeted computers using Windows XP, as well as Windows 7 and 8, all of which Microsoft stopped servicing years ago. Use reputable security software to prevent attacks in the future. The company had already been supporting it longer than it normally would have because so many customers still used it and the effort was proving costly. Instructions on how to install this patch are also available at ZDNet. He noted, however, the complexity that can be involved in patching a security hole. But its impact in India was hardly seen.

Proofpoint researchers have identified more than 20 hosts set up to scan the Internet and infect vulnerable machines they find.

The flaw in Windows behind a huge cyber-attack affecting organisations around the world, including some United Kingdom hospitals, can be traced back to the US National Security Agency (NSA) - raising questions over the US government's decision to keep such flaws a secret. But in this case, according to Kaspersky Lab, the shared code was removed from the versions of WannaCrypt that are now circulating, which reduces the likelihood of such a "false flag" attempt at misdirection.

However, Mikko Hypponen, chief research officer at security vendor F-Secure, tweeted on Monday that some victims who paid did get their files back.

The Microsoft President also added: "The governments of the world should treat this attack as a wake-up call".

Global standards should compel countries not to stockpile or exploit software vulnerabilities, Smith says.
