How The NSA Started A Worldwide Ransomware Attack
The NSA is to blame for the ransomware that spread worldwide in recent days and hit Britain’s hospitals and even FedEx, Microsoft is alleging.
“The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States,” Microsoft President and Chief Legal Officer Brad Smith wrote in a May 14 blog post. “An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
Smith is referring to the Wannacry ransomware, which froze computers and disrupted service at several hospitals run by Britain’s National Health Service (NHS). The attack caused emergency rooms to turn away ambulances and led to the cancellation of some operations, The Guardian reported.
Wannacry takes over computers and demands that users pay $300 in bitcoin to get access to their own data. The NHS was simply one of many victims of Friday’s cyberwarfare attack. The attack is one of the largest in history and may have affected 200,000 computers in 150 countries, the Europol law enforcement agency estimated.
The ransomware took advantage of a weakness in the Microsoft operating system – a weakness that the NSA knew about but decided to keep to itself so it could use it to penetrate computers.
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” Smith wrote. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. … And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.”
The NSA and CIA should alert software companies of weaknesses so they can be fixed, he added.
“The governments of the world should treat this attack as a wake-up call,” Smith wrote. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
What is your reaction? Share it in the section below: