Ransomware outbreak prompts Microsoft to update old software

Since Microsoft offered patches for this vulnerability before the attacks took place, "then it's on the users to apply those patches for their own safety", said Olds.

Hundreds of countries have been affected by ransomware attacks that were widely reported on Friday. "Despite appearing to be criminal activity meant to raise money, it appears that less than $70,000 has been paid in ransoms and we are not aware of payments that have led to any data recovery".

Microsoft President Brad Smith wrote on Sunday - "This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem".

In March, thousands of leaked Central Intelligence Agency documents exposed vulnerabilities in smartphones, televisions and software built by Apple, Google and Samsung Electronics.

Microsoft, however, wasn't impressed with the latest attack. The university's Information Security Office - a unit within Information Services, the UO's central information technology department - is working directly with the directors of campus IT units to make sure the Windows computers across campus are secure from this threat. "It is very hard to hold software manufacturers accountable for flaws in their products".

Worldwide standards should compel countries not to stockpile or exploit software vulnerabilities, Smith says. I can see this happening with individuals, but can anyone in their right mind use an unsupported version of an operating systems on a banking or hospital system?

The recent "WannaCry" attack was made possible by a flaw in the 15-year-old Windows XP operating system. The longer you wait, the more you have to pay.

Lots of users, particularly those who are overseas, don't use automatic updates and leave their systems vulnerable, he said. However, the day after the outbreak Microsoft released an emergency security patch for Windows XP.

ALSO READ: Ransomeware attack: Why do WannaCry hackers demand bitcoin? Other malware writers are recompiling WannaCry without the search for the internet site. WannaCrypt was part of a stockpile of exploits stolen from the NSA earlier this year.

Wu Yunkun, president of 360 Business Security Group, told chinadaily.com.cn to curb the virus's spread, the company had provided eight versions of warning notices, seven fix guides and six fix tools to their government and enterprises customers as of Monday morning.

As with the NSA's EternalBlue, the tool on which WannaCry was based, EsteeMaudit exploits a vulnerability in Microsoft's Windows software in the way in which networked machines communicate with each other.

Here's a rough sketch of how things unfolded in India after WannaCry was unleashed on the World Wide Web. "Occasionally mistakes happen", he added.



Otras noticias