If you ask Microsoft what is the cause for the surging cyber threats and cases of ransomware? The Redmond tech company will point an accusing finger to the U.S. government and other world governments.
Last Sunday, the company scolded the U.S. and other world governments for stockpiling software vulnerabilities. Microsoft further argues that the type of vulnerabilities governments are keeping secret are dangerous enough to cripple computers around the entire world. Microsoft accusations come hot on the heels of a massive ransomware attack linked to a leaked trove of NSA spy tools that affected at least 150 countries from Friday.
In a blog post posted on Sunday, Brad Smith, the Microsoft’s President and Chief Legal Officer wrote, “The governments of the world should treat this attack as a wake-up call.”
The ransomware that sparked all this finger pointing is known as ‘WannaCry.’ This ransomware locks up computer files until such a time the user pays up the ransom in bitcoin; an online currency.
Security experts argue that a Windows exploit know at the ‘EternalBlue’ was revealed within the leak from NSA by a group of hackers that goes by the name ‘Shadow Brokers.’ The hacking group made this hack last month, and Microsoft has since released a patch for the exploit in March. However, that patch only got to computers running Windows 7 and later OSs from Microsoft. The gravity of the situation has forced Microsoft to make an unprecedented move to release a patch for even older OS that they no longer support.
Some of the big corporations hit by the ransomware include the Russian Interior Ministry, UK’s National Health Service, and FedEx. The BBC reports at least 200,000 computers have been affected.
MalwareTech, a U.K.-based security researcher, credited with helping in partly mitigating the ransomware attack, warns a fresh round of assault could be coming “quite likely on Monday.” MalwareTech explains that the recent worldwide attack in one of many “emerging pattern in 2017” of problems brought about by governments collectively collecting vulnerabilities instead of working with relevant stakeholders to fix them.
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” says MalwareTech. He further adds that the leaked exploits have the potential of causing “widespread damage.”
He compares the act of hackers stealing vulnerabilities from governments to the U.S. military having its Tomahawk missile stolen right out of their arsenal.
“This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today; nation-state action and organized criminal action,” adds MalwareTech.
“We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”