Microsoft Blames the Government for WannaCry

A ransomware-infected computer.
The ransomware infects a Windows computer and encrypts its files on the hard drive. (Image: The Digital Artist via Pixabay)

WannaCry ransomware, which caused havoc in the summer of 2017, is a computer virus that infected and spread across 150 countries. According to Forbes, it affected the systems of 48 UK National Health Services centers, FedEx, Telefonica, Renault and Nissan plants, American universities, Russian government systems, and even Chinese ATMs.

The WannaCry ransomware infects a Windows computer and encrypts its files on the hard drive. It then demands a ransom amount, and only after the payment of said amount will the user be able to gain access to his/her computer.

The cyber catastrophe is certainly a priority and, naturally, folks want to get to the bottom of the whole situation. Unfortunately, it has also led to a serious blame game.

WannaCry was spread by a Microsoft exploit

It was found that Eternal Blue, a Microsoft exploit developed by the National Security Agency (NSA), was leaked by a hacker group, Shadow Brokers, and was also one of the tools used to quickly spread WannaCry ransomware throughout the world.

Eternal Blue takes advantage of a vulnerability in Microsoft’s system and directly attacks its Server Message Block. This defect allows hackers and attackers to take control of the system and, in this case, even lock it, with the demand for ransom money.

As a result, Microsoft has criticized and accused the government and its agencies of keeping this exploit a secret and even hoarding it in the first place. Microsoft President and Chief Legal Officer Brad Smith said:

As vendors and customers are often in the dark about these exploits and weaknesses, they are unable to secure themselves from a possible attack by hackers.

Microsft blamed the U.S. government for Wannacry's spreading around the world.
‘An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action,’ Smith wrote. (Image: TheDigtalArtist via Pixabay)

Smith even likened the leak of these weaknesses to the robbery of missiles from the military highlighting the gravity of the situation. Smith wrote in his blog that:

He attacked the government, stating that it is time the government took action and treated cyberspace breaches like WannaCry the same way they would a breach in the physical world. Damage to civilian lives through cyberattacks is significant and the government needs to take responsibility.

Microsoft has also called for the establishment of a Digital Geneva Convention to protect users and vendors from such cyberattacks by requiring governments to report such vulnerabilities and exploits instead of simply hoarding them, or worse, exploiting or selling them.

Smith wants the Digital Convention to be modeled after the Geneva Convention on the rules to govern war and protect civilians.

On its part, Microsoft has developed a patch for the ransomware and even released fixes for its previous, very old operating systems, some of which are no longer covered for support. These old operating systems even included Windows XP and Windows Server 2003.

In contrast, Brian Lord, Managing Director of PGI Cyber and former deputy director of one of the UK’s intelligence agencies, has stated:

The comment is based on the use of such exploits by government agencies to attack an enemy, or even terrorist computers, who generally use Microsoft operating systems.

Follow us on Twitter, Facebook, or Pinterest

RECOMMENDATIONS FOR YOU