The attack was made possible by a flaw in Microsoft’s Windows software that the NSA used to build a hacking tool for its own use – only to have that tool and others end up in the hands of a mysterious group called the Shadow Brokers, which then published them online. The virus displays a message asking for a $300 ransom in bitcoins to unlock the system.
Even as the Centre expressed confidence on Monday that WannaCry ransomware, a malware affecting computer systems across the globe, will have little impact on India, cyber security experts said it is too early to assess the real extent of the virtual attack. “It is deeply disturbing the National Security Agency likely wrote the original malware”. Still, he said Microsoft should accept some responsibility. He noted, however, the complexity that can be involved in patching a security hole. “When a design flaw is discovered in an auto, manufacturers issue a recall”.
When malicious software first became a serious problem on the internet about 15 years ago, most people agreed that the biggest villain, after the authors of the damaging code, was Microsoft. In 2015, Microsoft received $9 million in a year from the Navy for continuing Windows XP support. Because numerous affected computers run older Windows systems like XP, Microsoft issued a rare patch for XP, which it had stopped updating more than three years ago. Microsoft did release a patch for the vulnerability in March, but computers and networks that didn’t update their systems were still at risk.
But Scott Vernick, a data security lawyer at Fox Rothschild who represents companies, said he was skeptical that WannaCry would produce a flood of consumer lawsuits.
However, Mikko Hypponen, chief research officer at security vendor F-Secure, tweeted on Monday that some victims who paid did get their files back. (These are the most important patches that the company recommends users install immediately.) But an estimated 7% of the world’s PCs still run on XP – that’s about 70,000,000 machines.
“We have built an increasingly digital society on a very insecure foundation and we are starting to see the consequences of that”, he said. “That’s going to become a more common practice”.
The leak raises the prospect of another wave of cyber attacks like the one that struck more than 150 countries and crippled parts of the NHS on Friday.
In Asia, where many offices closed before the WannaCry ransomware struck on Friday, the attack has been less severe than expected.
He added that the current situation has to be a wake-up call for governments.
“The government can’t do this alone – they’re really going to have to reach out and work with Apple, with Microsoft and Google”, Martin said. “To keep the world safe, these things have to be done”.
But researcher Ethan Heilman, a doctoral student in computer science at Boston University, said some of those tumbler services are essentially fences who may try to steal the hackers’ bitcoin proceeds.