The biggest ransomware attack in history began last Friday. Since then, it has infected tens of thousands of computers in over 100 countries.
This includes hospitals – some of which were forced to cancel outpatient appointments – banks, government agencies, universities, gas stations, and electronics companies.
The virus is called "WannaCrypt." What is does is lock up a computer’s files and then demands a “ransom” payment in Bitcoin electronic currency in order to regain access.
Experts call WannaCrypt the worst and most widespread form of malware they’ve ever seen.
According to cybersecurity firm Malwarebytes, the virus spreads through a weakness in Windows software. In essence, WannaCrypt goes through the Internet and looks for vulnerable computers – which means you don’t even have to click anything to get infected.
“The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States,” writes Microsoft President Brad Smith.
That theft was reported in April.
Microsoft released a patch for this weakness on March 14th. Users who failed to keep their operating systems up-to-date were and still are at risk of infection.
“We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident,” said Smith.
Researchers don't know who’s responsible, but the majority of attacks have occurred in Taiwan, Ukraine, and Russia.
Former NSA contractor Edward Snowden, a whistleblower currently living in exile in Russia, says the NSA could have prevented the attack.
“If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened,” he tweeted on May 12th.
“Despite warnings, [NSA] built dangerous attack tools that could target Western software,” said Snowden. “Today we see the cost.”
Snowden urges Congress to ask the NSA if it is aware of any other vulnerabilities.
Microsoft's Smith says the attack illustrates the “degree to which cybersecurity has become a shared responsibility between tech companies and customers” and calls on governments to report vulnerabilities instead of stockpiling, selling, or exploiting them.
“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen,” said Smith.
Author’s Note: The NSA may have been carless with the handling of information, but Snowden’s claim that the vulnerability for the attack came from the NSA is unfair.
The NSA maintained a list of vulnerabilities for Microsoft products. This list was stolen, and one of the vulnerabilities on the list was used in the attack.
Did Microsoft know about the list? If so, why were the vulnerabilities not patched before?