Former GCHQ chief blames Microsoft for world's biggest ever cyber attack

Henrietta Brewer
May 17, 2017

The malware which is used in the attack - called WannaCry - attacks Microsoft Windows operating systems and takes control of user's files, demanding $300 (£230) payments to restore access. "We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world", Smith wrote. The country is considered vulnerable thanks to a large number of computers running on older Microsoft operating systems.

"As far as I know there's only been two variants (one this morn) and none without [a kill] switch", security researcher Dave Kennedy told El Reg.

Meanwhile, India's cyber security unit CERT-In today said it has not received any formal report of cyber-attack on India's vital networks by "WannaCry".

Speaking on BBC Radio Scotland, Dr Andrew Cowie from Hawkhill Medical Centre in Dundee, said: "They haven't got everything up and running yet, so it's going to be a bit of a hard day".

"Again, any patient with a hospital appointment should attend as normal".

What isn't in question is that follow-up attacks based on something similar to WannaCrypt are likely and that systems therefore really need protecting.

The ransomware exploited a vulnerability that has been patched in updates of recent versions of Windows since March, but Microsoft didn't make freely available the patch for Windows XP and other older systems. Japan, Turkey, and the Philippines were also affected.

The cyber attack that crippled NHS computer systems is the biggest of its kind ever launched, security chiefs have said.

Brad says that the attack demonstrates the degree to which cyber security has become a shared responsibility between tech companies and customers.

"It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates".

Renault halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan's vehicle plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said.

Ms Sturgeon said she was not aware of any ransoms being paid over the cyber attack but said that will be part of the police investigation.

It said in a statement: "NHS Digital issued a targeted update on a secure portal accessible to NHS staff on April 25, and then via a bulletin to more than 10,000 security and IT professionals on April 27 to alert them to this specific issue". Some security experts calculate that ransomware may bring in as much as $1-billion a year in revenue for the attackers. Reuters reported that London-listed cybersecurity exchange-traded fund ISE, whose holdings include software provider Cisco Systems and cybersecurity firms Fireeye and Symantec, rose 0.9 per cent when markets opened.

Ryan Kalember, senior vice president at Proofpoint Inc. which helped stop its spread, said the version without a kill switch could spread.

British cybersecurity expert Graham Cluley doesn't want to blame the NSA for the attack.

'For so many organizations in the same day to be hit, this is unprecedented, ' he added.

Other reports by iNewsToday