Ransomware: Guidance from the National Cyber Security Centre


It also says that governments should treat the WannaCry attack as "a wake-up call", consider the "damage to civilians that will be coming from the hoarding these vulnerabilities and the exploits use", and adopt the "Digital Geneva Convention" the company first suggested in February.

It's hard not to engage in a bit of victim-blaming in this situation, especially because security experts say the attacks could have been prevented.

China's cyber authorities have repeatedly pushed for what they call a more "equitable" balance in global cyber governance, criticizing U.S. dominance.

Tom Bossert, White House assistant to the president for homeland security and terrorism, said the ransomware infected more than 300,000 computers in 150 nations.

The good news is that home users are very unlikely to be affected.

Some cyber security investigators think North Korean hackers may have conducted the attack.

In what was one of the most significant cyberattacks ever recorded, computer systems from the U.K. to Russia, Brazil and the USA were hit beginning Friday by malicious software that exploited a vulnerability in Microsoft's Windows operating system. One challenge will be sharing intelligence in real time to move as quickly as the criminals, a tricky feat when some of the major nations involved, such as the US and Russian Federation, distrust each other. We don't know the scammers' names, but we know the bitcoin addresses they're using to receive payment: just three addresses.

The key message of all cyber security training has to be that every employee's actions matter, because everyone holds the keys to the vault.

Homeland security and counterterrorism adviser Tom Bossert speaks about malware known as WannaCry, Monday, May 15, 2017, during the daily press briefing at the White House in Washington.

Users still running that operating system were vulnerable to an attack.

"While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally", he said.

The ransomware has affected at least 200,000 computers worldwide since Friday.

While businesses that failed to update Microsoft's Windows-based computer systems could be sued over lax cyber security, Microsoft itself enjoys strong immunity from lawsuits.

WannaCry attacked computers that were connected to the Internet and used Windows operating systems.

Simon Choi, a director at anti-virus software company Hauri Inc. who has analyzed North Korean malware since 2008 and advises the government on cyberattacks, said the North is no newcomer to the world of bitcoins and has been mining the digital currency using malicious computer programs since as early as 2013. The illegal software cannot be easily updated.

Microsoft did issue a patch to fix the vulnerability on March 14, but Microsoft has so many upgrades that most people just didn't install it.

"We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003", wrote Phillip Misner, security group manager at the Microsoft Security Response Center (MSRC), in a blog post. "Otherwise they're literally fighting the problems of the present with tools from the past", it said.