Microsoft Ransomware Patch For WanaCrypt Released

Hospitals, major companies and government offices have been hit by a massive wave of cyberattacks across the globe that seize control of computers until the victims pay a ransom.

Transmitted via email, the malicious software locked British hospitals out of their computer systems and demanded ransom before users could be let back in — with a threat that data would be destroyed if the demands were not met.

In the wake of the attack, Microsoft said it had taken the “highly unusual step” of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003.

Microsoft president and chief legal officer Brad Smith said that when software weaknesses are kept secret, vendors are left in the dark and can’t issue updates, and their customers are left vulnerable to attacks such as the one that exploded this weekend. He compared the leak of NSA exploits to the theft of missiles from the American military, pointing also to the Wikileaks dump of CIA hacking tools.

“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action,” Smith wrote in a blog post published Sunday.

“The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

 

Malware attack kill switch

According to The Washington Post, a vacationing British cybersecurity researcher was already several steps ahead.

About 3 p.m. Eastern time, the specialist with U.S. cybersecurity enterprise Kryptos Logic bought an unusually long and nonsensical domain name ending with “gwea.com.” The 22-year-old says he paid $10.69, but his purchase might have saved companies and governmental institutions around the world billions of dollars.

By purchasing the domain name and registering a website, the cybersecurity researcher claims that he activated a kill switch. It immediately slowed the spread of the malware and could ultimately stop its current version, cybersecurity experts said Saturday. Britain’s National Cyber Security Center confirmed Saturday that it was collaborating with the 22-year-old and other private researchers to stop the malware from spreading.

5 thoughts on “Microsoft Ransomware Patch For WanaCrypt Released”

  1. In the last twenty years, it’s become *painfully* obvious that Windows is NOT EVER going to get significantly more (or even barely adequately) secure. So it can be argued that any use of Windows, by organizations of any kind, constitutes a *huge* risk. Even though that OS has made some people filthy rich, this would suggest that it is completely and utterly irresponsible for any organization of Public Trust to continue to work with that OS.

  2. Microsoft did a good thing but I also think it is almost criminally negligent to run an unsupported operating system in a critical environment. I don’t for one second blame Microsoft for this but rather blame extremely bad IT departments.

  3. The biggest question remains – when will those big software producing corporations take responsibility for continuously releasing new versions with new (besides old of course) vulnerabilities?

  4. Why is everyone thanking Microsoft? They intentionally pushed numerous updates to users to force Win 10 upgrade and copy ALL of your files to be stored at Microsoft!! And you trust MS?? What are you smoking, people??

  5. Malware worm stopped thanks to blackhole domain registration. However, as these weren’t registered, it presents a whole new bag of questions: why would someone leave an off switch so easily available to researchers, unless they wanted it to be stopped? Was it an elaborate clean and burn of the internet before an adversary leverages these vulnerable systems?
