It spreads on its own like a real virus. Luckily, it is not fully functional, but it's surely just a matter of time before a worse version of WannaCrypt emerges.
While the NSA did alert Microsoft in time for the company to make protection available to many machines - although that protection was not always taken advantage of - it failed to make clear to the public just how unsafe the vulnerability could be. Under the Vulnerabilities Equities Process established during former President Barack Obama's administration in 2013, the NSA, CIA and other intelligence agencies are supposed to disclose security bugs rather than trying to exploit them. Following the notification, the Seattle-based software giant issued a free critical security update on March 14 to all Windows 7 and Vista users and to customers of its paid security update service for Windows XP.
Smith said he hopes the recent WannaCry attack will change the minds of government agencies so that they stop developing hacking tools in secret and holding them for use against adversaries, especially since the technology for WannaCry was stolen from the NSA.
Even though Google tries to send updates to most Android-powered devices, over 100 million devices are reportedly still running outdated security software and can be vulnerable to ransomware attacks.
For instance, take the case of the hospital systems held hostage in the United Kingdom: they are more likely to pay up in order to safeguard their patients' information that has been encrypted by the attacker than a teenager with photos and contacts to lose - which, in all likelihood, are also backed up in the cloud. WannaCry, however, does not discriminate and has taken over not only general users' computers but also those of large-scale organizations.
Yet Bossert claimed in Monday's press briefing that if organizations follow the mitigation advice published by the Department of Homeland Security, the Federal Bureau of Investigation and Microsoft - and have patched their systems - they will be "protected against all these variants".
"The governments of the world should treat this attack as a wake-up call". Without doing a thing, when WannaCry came along nearly 2 months later, the machine was protected because the exploit it targeted had already been patched.
Security is the responsibility not only of the manufacturer but also of the consumer, who is responsible for updating their devices to the latest software provided to protect against such attacks. These are valid explanations for using obsolete software, but they are not excuses.
"The size of the outbreak is indicative of the number of machines out there which have not been patched with security updates". "In terms of awareness and impact on people, it's probably been the biggest one so far".
Government agencies running obsolete software is also a huge problem.
Who's being targeted for blame?
WannaCry, in particular, took advantage of thousands of computers that have older versions of the Windows file-sharing system. Expecting any company to keep giving out free updates for software that is several generations old is absurd.
"I'm anxious about how the numbers will continue to grow when people go to work and turn on their machines on Monday", Europol director Rob Wainwright told Britain's ITV television.