Just a few days ago a global cyber attack was launched using the "WannaCry" ransomware.
For nearly everyone, WannaCry looks identical to all other ransomware.
The WannaCry attack is not a zero-day flaw, but rather is based on an exploit that Microsoft patched with its MS17-010 advisory on March 14 in the SMB Server. Security experts have discovered that the ransomware also uses NSA's DoublePulsar as the backdoor.
British cybersecurity expert Graham Cluley doesn't want to blame the NSA for the attack.
After the WannaCry attack, Microsoft went out of its way to ensure the safety of users.
The major story from last week was that malware, described in leaked NSA documents, crippled Windows computers worldwide.
Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. After the NHS attack, Microsoft provided a security update for technology running Windows XP.
The links for this security patch are available on Microsoft's blog.
There is now no info about how the initial ransomware infections happened but Microsoft believes it may be through phishing emails which contain the Trojan Horse malware. "Ideally, this data should be kept on a separate device, and backups should be stored offline", it said. It brings us to another important point.
Hospitals and GP surgeries were forced to turn away patients as the ransomware seized control of computers. As of midafternoon Monday, a Twitter bot tracking payments to the wallets said the accounts had a total of a little over $55,000 in them.
After the attack, the central bank reissued its recommendations to Russian banks, it said, adding that it would start publishing statements on its website about cyber attacks it had caught as well as steps taken to reinforce IT security. First, you'll be contributing funds towards future crime. The attackers have locked up users' data and are demanding between $US300 and $US600 for the encryption key. Prof Alan Woodward of the University of Surrey doubts if someone would return your contact request, considering the amount of attention they are getting from all corners.
India's cyber security agency Computer Emergency Response Team of India (CERT-In) has asked users in the country not to pay ransom if hit by ransomware WannaCry which has impacted 2 lakh people in over 150 countries. Businesses need to patch to be completely protected, but Hickey's solution works for organizations that might need more time to upgrade.
"An equivalent scenario with conventional weapons would be the USA military having some of its Tomahawk missiles stolen, "Microsoft President Brad Smith said in a blog".