Microsoft’s president Brad smith reacted today on the devastating Wannacry ransomware attack that shut down hospitals and organizations nationwide stating:
“Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.”
Read the full blogpost here on Microsoft’s website.
This was in response to the news that the Wannacry ransomware used “EternalBlue”, an NSA tool designed to attack Windows machines in order to propagate itself between hosts. This tool, among others, was leaked along with a multitude of other tools between August of 2016 and April of this year by a group named “The Shadowbrokers” in a series of five leaks, Eternalblue having been leaked in the 5th leak on April 14th 2017. The exploit used by EternalBlue was patched by Microsoft in March 2017 but the complex infrastructures of large organizations including the NHS which was hid badly by the attack meant many Windows systems were, and still are, out of date and vulnerable to this lethal and fast spreadign worm/ransomware.
More on the topic:
See Colin Hardy‘s video of him performing a behavioural analysis on Wannacry 2.0: