The ‘ransomware’ cyberattack that has hit as many as 200,000 victims in over 150 countries should be treated by governments around the world as a “wake- up call”, IT giant Microsoft has said. The virus exploits a flaw in a version of Microsoft Windows first identified by US intelligence. The attacks exploited the computers because they were running outdated versions of Microsoft’s Windows operating system.
The National Security Agency (NSA) alerted Microsoft about the issue three months ago and Microsoft released an upgrade that patched the flaw, but many users were yet to run it, CNN reported.
Brad Smith, Microsoft’s president and chief legal officer, said yesterday in a blog post that his company, its customers and the government all share the blame, the report said.
“The governments of the world should treat this attack as a wake-up call,” Smith wrote while also noting how “cybersecurity has become a shared responsibility between tech companies and customers.”
But he also blamed the governments. The security flaw that hackers used to launch the attacks on Friday was made public after information was stolen from the NSA, which routinely searches for flaws in software and builds tools to exploit them, the report said.
The government is not legally bound to notify at-risk companies. That’s wrong, says Smith.
He argued there should be “a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.”
He said tech companies, customers and the government need to “work together” to protect against attacks.
“More action is needed, and it’s needed now,” he said.
The most disruptive attacks were reported in the UK, where hospitals and clinics were forced to turn away patients after losing access to computers.
The ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. It demands users pay USD 300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the payment will be raised after a certain amount of time. The malware spreads through e-mail.