Hospitals, major companies and government offices have been hit by a massive wave of cyberattacks across the globe that seize control of computers until the victims pay a ransom.
Transmitted via email, the malicious software locked British hospitals out of their computer systems and demanded ransom before users could be let back in — with a threat that data would be destroyed if the demands were not met.
In the wake of the attack, Microsoft said it had taken the “highly unusual step” of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003.
Microsoft president and chief legal officer Brad Smith said that when software weaknesses are kept secret, vendors are left in the dark and can’t issue updates, and their customers are left vulnerable to attacks such as the one that exploded this weekend. He compared the leak of NSA exploits to the theft of missiles from the American military, pointing also to the Wikileaks dump of CIA hacking tools.
“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action,” Smith wrote in a blog post published Sunday.
“The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Malware attack kill switch
According to The Washington Post, a vacationing British cybersecurity researcher was already several steps ahead.
About 3 p.m. Eastern time, the specialist with U.S. cybersecurity enterprise Kryptos Logic bought an unusually long and nonsensical domain name ending with “gwea.com.” The 22-year-old says he paid $10.69, but his purchase might have saved companies and governmental institutions around the world billions of dollars.
By purchasing the domain name and registering a website, the cybersecurity researcher claims that he activated a kill switch. It immediately slowed the spread of the malware and could ultimately stop its current version, cybersecurity experts said Saturday. Britain’s National Cyber Security Center confirmed Saturday that it was collaborating with the 22-year-old and other private researchers to stop the malware from spreading.
In the last twenty years, it’s become *painfully* obvious that Windows is NOT EVER going to get significantly more (or even barely adequately) secure. So it can be argued that any use of Windows, by organizations of any kind, constitutes a *huge* risk. Even though that OS has made some people filthy rich, this would suggest that it is completely and utterly irresponsible for any organization of Public Trust to continue to work with that OS.