Developer releases WannaCry key-recovery tool for Windows XP
The article by Cirilo Laguardia was published by Hoyen TV on May 20, 2017.
Meaning, as he wrote in a blog post this past weekend, agencies like the NSA should have a "new requirement" to report vulnerabilities they find to software makers like Microsoft, instead of stockpiling, selling or exploiting them. EternalBlue was technically created to spy on key target points that the NSA deems necessary to.
Smith says cyberweapons require a new approach, and governments must "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits".
"We're looking at many decades of building complex systems - one on top of the other - with no effort to go back to fix what we did wrong along the way", said Wendy Nather, principal security strategist at Duo Security, who has worked in security for 22 years.
And while Smith says Microsoft and other tech companies need to take the lead on combatting these widespread attacks, he highlights the shared responsibility required to protect, detect and respond to threats.
Unfortunately, millions of computers still running the 2001 operating system never received those updates because their owners refused to pay for them.
WannaCry doesn't seem to be any more virulent or more expensive than other ransomware.
Make sure that your computer is up to date with its Windows updates.
In both cases, these computer owners are the digital equivalent of medical vaccine deniers.
While businesses that failed to update Microsoft's Windows-based computer systems could be sued over lax cyber security, Microsoft itself enjoys strong immunity from lawsuits. When a user clicks on the link, their computer and the information on it are held for ransom while the machine is used to further spread the ransomware. Without doing a thing, when WannaCry came along nearly 2 months later, the machine was protected because the exploit it targeted had already been patched.
According to the company, "customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March". These are valid explanations for using obsolete software, but they are not excuses. Unfortunately, far too few people even bother.
WannaCry, developed in part with hacking techniques that were either stolen or leaked from the United States National Security Agency, has infected over 300,000 computers since last Friday, locking up their data and demanding a ransom payment to release it. This is to prevent the ransomware from using the unprotected Windows XP unit as a gateway.
Government agencies running obsolete software is also a huge problem.
While the federal government mostly avoided WannaCry infections, its processes highlight how hard it is for large organizations to modernize.