Microsoft (NASDAQ:MSFT) is blaming government agencies for a massive, new ransomware attack that affected hundreds of thousands of computers around the globe. The WannaCry – or WannaCrypt/WanaCrypt – malware locked down computers worldwide while demanding hefty ransom demands for the release of the computers. As of Sunday morning, more than 100,000 organizations in at least 150 countries had been affected. A Windows vulnerability theft from the NSA last month has been directly tied to WannaCry.
Ransomware encrypts important files and demands payment to prevent the entire system from being deleted. These types of attacks spiked in the last year, rising to 463,841 in 2016 from 340,665 in 2015, according to online security company Symantec. The WannaCry virus has already become the worst case of ransomware in history.
Microsoft, which sells the Windows operating system, has been criticized for years for its security shortcomings. Microsoft legal chief Brad Smith said, “We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident.” Smith noted that the company released a security update to patch the flaw exploited by the WannaCry virus back in March.
While the WannaCry attack hit thousands of computers across around the world, the hospitals affected in the UK have attracted the most attention. The health care industry is a major target of these types of attacks, with ransomware accounting for more than 70 percent of malware attacks against hospitals, pharmacies and insurance agencies. Many machines at the National Health Service were running on Windows XP, a system Microsoft stopped supporting years ago, so there was no patch available for its systems.
Smith said in a company blog post that governments should alert vendors to software vulnerabilities instead of hoarding them and keeping them secret. Smith said, “The governments of the world should treat this attack as a wake-up call. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
This isn’t the first time US spy agencies have been accused of knowing about vulnerabilities and keeping them secret. WikiLeaks’ release of CIA hacking tools in March and the stealing of a Microsoft Windows vulnerability from the National Security Agency last month has caused alarm in many security circles. Smith said, “An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.”
Security researchers have been warning that this would happen for years now. While the WannaCry virus appears to be slowing, reports of new variations of the malware have already started to appear.