
WannaCry Ransomware: What We Know Monday

17 May 2017

Installing the patch is one way to secure computers against the virus.

David Chismon, senior security consultant at MWR InfoSecurity, felt that it would be unfair to place the burden of patching old systems, even only for the most severe flaws, on Microsoft.

Instead of developing hacking tools in secret and holding them for use against adversaries, governments and intelligence agencies should share weaknesses they find with Microsoft and other software makers so that vulnerabilities can be repaired. After all, Microsoft has compared the vulnerability that WannaCrypt exploited to a Tomahawk missile.

This latest mayhem was caused by a virulent strain of ransomware, which encrypts an infected computer's data and demands a ransom for the keys to unlock it.

The WannaCry ransomware has wormed its way into tens of thousands of Windows PCs in China, where Windows XP runs one in five systems, local reports said Monday.

The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) found that 2.42 million IP addresses had come under attack and that the number of infected IPs had reached 35,000 as of 10:30 am on Sunday, Xinhua reported.

Jorgensen also noted that this particular ransomware strategy, using stolen information about a Microsoft operating system vulnerability allegedly discovered by a US intelligence agency, could lead to some deeper and necessary societal conversations about how to approach and address digital security issues.

"Companies like Microsoft should discard the idea that they can abandon people using older software", Zeynep Tufekci, an associate professor at the school of information and library science at the University of North Carolina, wrote in a New York Times opinion piece over the weekend.

What is WannaCry? The security world calls it a "ransomware worm".

Smith wrote, "As a technology company, we at Microsoft have the first responsibility to address these issues".


"The governments of the world should treat this attack as a wake-up call". "These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world", Patrick Toomey, a staff attorney at the American Civil Liberties Union, said in a statement.

In February, Smith first called for the creation of what he has dubbed a Geneva Convention for cyberspace, which would outlaw nation-state cyber-attacks on critical infrastructure and tech companies.

Meanwhile, as Microsoft argued, the government's practice of stockpiling exploits and keeping them secret makes it all the more unsafe when they're leaked.

Therein lies the uncomfortable irony for Microsoft. While neither Microsoft nor the NSA has confirmed it, computer experts believe that the NSA likely tipped off Microsoft about the flaw once they realized the tool had been stolen. "But it shouldn't proactively push out the patches, as there are usually some business reasons why companies are still running old and unpatched systems", he said.

Part of the blame for this weekend's attack lies with computer users and IT managers who haven't upgraded their system.

A Cyberspace Administration of China official said on Monday that although the virus is still spreading, it has slowed.

"Clearly, once an attack of the magnitude we're now experiencing with WannaCry starts, it makes ideal sense for Microsoft to release patches also for the vulnerable end-of-life versions". Computer scientists estimate that for every 1,000 lines of code written, there will be between 15 and 50 errors.

Security experts said the NSA had engaged in responsible disclosure by informing Microsoft of the flaw at some point after learning it had been stolen and a month before the tools leaked online.
