News

Microsoft Points Finger at NSA in Ransomware Outbreak

In its postmortem of last Friday's wide-ranging ransomware attack that targeted Windows systems, Microsoft put part of the blame on the U.S. National Security Agency (NSA).

The ransomware, identified as a malicious program called "WannaCrypt," demanded Bitcoin payments to unlock infected systems. WannaCrypt was part of a stockpile of exploits stolen from the NSA earlier this year.

In a blog post on Sunday, Brad Smith, president and chief legal officer at Microsoft, noted that as cyberattacks have grown in sophistication, the government practice of hoarding malicious tools has done more harm than good.

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," wrote Smith. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today -- nation-state action and organized criminal action."

While the NSA has not commented on either the WannaCrypt attack or Microsoft's response, Tom Bossert, President Trump's Homeland Security adviser, said at Monday's daily White House press briefing that the infection rate has been relatively low in the United States compared to other countries, and that no federal systems have been compromised.

However, Bossert warned that following the patching advice from Microsoft and the FBI should be a top priority to stop the spread of ransomware, which has hit a number of large-profile companies, including FedEx.

"While it would be satisfying to hold accountable those responsible for this hack -- something that we are working on quite seriously -- the worm is in the wild, so to speak, at this point, and patching is the most important message as a result," said Bossert. "Despite appearing to be criminal activity intended to raise money, it appears that less than $70,000 has been paid in ransoms and we are not aware of payments that have led to any data recovery."

Microsoft released security patches for the ransomware on Friday. Security Update KB401258 protects vulnerable Windows and Windows Server editions, including Windows 8, Vista, XP and Windows Server 2003 and 2008. Until Friday, Microsoft had not released a security update for Windows XP in over three years.

Those running Windows 10, 8.1, 7, Vista SP2 or Windows Server 2008 SP2 or later are already protected from the ransomware, which had infected many systems worldwide.

"We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003," wrote Phillip Misner security group manager at the Microsoft Security Response Center (MSRM), in a blog post.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

  • Everything Microsoft Announced at Its Surface Event

    Microsoft showed off its updated and expanded line of Surface devices this week, positioning the new Surface Laptop Studio as its flagship Windows 11 laptop.

  • M&A in Microsoft Channel: Progress Acquires Kemp

    Longtime Microsoft partner Progress Software is acquiring another Microsoft partner in Kemp Technologies.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • Microsoft Says System Center 2022 Will Arrive Early Next Year

    Microsoft is planning to release its new System Center product in the first quarter of 2022, with a private preview arriving within months.