November 19 2017

WannaCry Ransomware: Microsoft Calls Out NSA For 'Stockpiling' Vulnerabilities

November 19 2017, 12:56 | Irvin Gilbert

CNNMoney/Shutterstock via CNN

Symantec FireEye Palo Alto Cybersecurity

The world's biggest cyberattack has hit at least 150 countries and infected 300,000 machines since it started spreading last Friday.

The WannaCry malware that spread to more than 100 countries in a few hours is throwing up several surprises for cybersecurity researchers, including how it gained its initial foothold, how it spread so fast and why the hackers are not making much money from it.

When Microsoft sells software it does so through a licensing agreement that states the company is not liable for any security breaches, said Michael Scott, a professor at Southwestern Law School.

Nissan: The carmaker said in a statement that "some Nissan entities were recently targeted" but "there has been no major impact on our business".

Mumbai: WannaCry, the malware that held over 200,000 individuals across 10,000 organizations in almost 100 countries to ransom-demanding that they either cough up money or lose their data-may be on the wane but this is no time to be complacent. "There is this stream of liability that flows from the ransomware attack", he said.

Vernick said businesses that failed to update their software could face scrutiny from the U.S. Federal Trade Commission, which has previously sued companies for misrepresenting their data privacy measures.

By bundling a tool farmed from the leaked NSA files with their own ransomware, "they achieved better distribution than anything they could have achieved in a traditional way" he said.

Meanwhile, ransomware incidents were reported from Kerala, Kolkata and Andhra Pradesh.

An global manhunt was under way for the plotters behind the world's biggest-ever computer ransom assault which has affected more than 150 countries.

Shadow health secretary Jonathan Ashworth accused the Government of ignoring "extensive warning signs" about vulnerabilities in NHS computer systems.

RSN chief executive Graham Biggs said: "This is an extremely worrying situation for rural patients and for small rural practices which operate on a limited budget".

"We have ramped up resources right across government to IT support and as a outcome have been quite lucky that we haven't had a successful attack on than this one".

"In addition to protective real-time monitoring of national NHS IT services and systems, which were unaffected by this issue, we are supporting NHS organisations by undertaking cyber security testing and providing bespoke advice and action points".

"Treatment for time sensitive conditions, such as wet AMD could potentially be delayed if patient records and imaging systems cannot be accessed", he elaborated. "We will continue to work with affected (organizations) to confirm this", the agency said. The cost to the NHS in cancelled appointments and disruption on Friday has not yet been revealed but could run into millions.

Rudd was speaking after chairing a meeting in Whitehall, London, of the government's main emergency committee, known as Cobra. "And more broadly on that, the percentage of NHS systems that were running XP fell from 15-18 per cent in December 2015 to 4.7 per cent now".

In what one of the most significant cyberattacks ever recorded, computer systems from the Russia, Brazil and the US were hit beginning Friday by malicious software that exploited a vulnerability in Microsoft's Windows operating system.

Other news