
Ransomware Cyber-Attack A Wake-Up Call, Microsoft Warns

However, he also said that another attack is likely to come out as hackers work around the fix he established.


At the same time, halfway around the world, a British researcher who goes by the handle “Malwaretech” stumbled onto the same solution and was able to stop the spread of the cyber attack, but not before it had affected thousands of computers used in banks, hospitals, and government agencies.

“This is an emerging pattern in 2017”, he continued.

Smith criticized United States intelligence agencies, including the CIA and National Security Agency, for “stockpiling” software code that can be used by hackers.

Calling for a “Digital Geneva Convention”, Microsoft’s Smith said the widespread damage caused by the ransomware shows that governments need to treat cyber weapons the same way they treat conventional weapons. Smith also compared the NSA losing control of the software to “the USA military having some of its Tomahawk missiles stolen”. The attack also hit a “limited number” of U.S. companies over the weekend, a senior DHS official confirmed to Fox News.

“Systems which did not apply a patch update for this vulnerability were affected by the WannaCry ransomware which uses worm-like behaviour to affect vulnerable systems on the network”, it explained. The tools were made public by a hacking group called the Shadow Brokers. Once the user clicks on the link or opens the document, their computer is infected and the software takes over.

The initial attack, known as “WannaCry”, paralyzed computers that run Britain’s hospital network, Germany’s national railway and scores of other companies and government agencies worldwide in what was believed to be the biggest online extortion scheme so far. Among the first to be infected was the National Health Service of the UK.

Experts are advising infected users not to pay the ransom because it is unlikely they will get their files back.

Never pay a ransom.

At the moment, the ransom amount demanded to unlock a file is $300, to be paid in bitcoins.

The spread of the global WannaCry “ransomware” cyber attack is slowing with no major infections reported, as attention shifted to investment and government policy implications of lax cyber security. Two months ago, Microsoft released the patch that could have prevented the outbreak.

“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems”, Smith wrote.

Europol, the law enforcement agency of the European Union, said on Sunday that it was working on a decryption tool and likewise analyzing the virus to identify the hackers.


While the attack and its impact on vulnerable people will do Microsoft no PR favours, it does bolster its case for Windows as a Service, where Microsoft takes responsibility for keeping the OS up to date with the latest versions, and also for assertively patching the OS even while users clamour for more control. CERT (Computer Emergency Readiness Team) worked with the affected US companies and their European partners over the weekend to get a patch to parties affected by the ransomware infection.
