Martes, 19 Febrero, 2019

U.S. should not stockpile cyber weapons, Microsoft says

Microsoft release statement on massive worldwide WannaCry ransomware attack Huge cyberattack forces Microsoft to offer free tech fix
Ramiro Mantilla | 20 May, 2017, 13:54

The cyberattack has hit more than 300,000 computers, White House homeland security adviser Tom Bossert said at Monday's midday White House briefing.

Because of its success infiltrating systems, the software - also known as WannaCrypt, Wana Decryptor or WCry - is already inspiring imitators.

If you see the above screen, you are a victim of WannaCry. More than technical guidance, I want you to make sure you are spending the time needed to understand the concerns they have and that they know we are here to help. If we identify more opportunities to take action, we will do so. "They've been able to manage through it".

But Scott Vernick, a data security lawyer at Fox Rothschild that represents companies, said he was skeptical that WannaCry would produce a flood of consumer lawsuits. But there are a few things that businesses can do to limit the damage it causes.

This is of particular importance in ransomware attacks. His law firm sued LinkedIn after a 2012 data breach, alleging individuals paid for premium accounts because the company falsely stated it had top-quality cyber security measures.

"The general advice to everyone, both business and private users, is to upgrade antivirus software as soon as possible, and, if not already in place, to institute a regular programme of back-ups", the Government said in a statement. "On China's most prestigious college campuses, students reported being locked out of their final papers". Some high-profile attacks between 2009 and 2013 shut down government websites, banking systems and paralyzed broadcasters.

French automaker Renault and its partner, Nissan, say their plants were hit by the attack, NBC reports.

"The recent attack is at an unprecedented level and will require a complex worldwide investigation to identify the culprits", according to a statement issued by Europol, Europe's police agency.

"There are other criminals who've launched this attack, and they are ultimately responsible for this", he said.

The identity of whoever deployed the software remains unknown.

"An equivalent scenario with conventional weapons would be the USA military having some of its Tomahawk missiles stolen", Smith said.

Install Microsoft's official patch.

However, experts said that there is no guarantee that you'll get the access after paying the amount.

Grobman says governments should stockpile cyber weapons in some instances.

The difference between the earlier WannaCry attacks and the latest one is a worm-like component that infects other computers by exploiting a critical remote code execution vulnerability in the Windows implementation of the Server Message Block 1.0 (SMBv1) protocol.

MalwareTech, whose name was revealed in United Kingdom media to be 22-year-old Marcus Hutchins, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.

Smith's blog post did not address another factor in the ransomware's spread, one that hints at the difficulty of uniting against a hacking attack: Users of pirated Microsoft software are unable to download the security patch, forcing them to fend for themselves or rely on a third-party source for a solution.

Experts think it unlikely to have been one person, with criminally minded cyber crime syndicates nowadays going underground and using ever more sophisticated encryption to hide their activities. Searching questions are being asked of institutions that failed to protect their networks and of the organisations that were best-placed to stop the attacks.

The ransomware exploits a vulnerability in outdated versions of Microsoft Windows that is particularly problematic for corporations that don't automatically update their systems.

Keep all the software on your computer up-to-date.

Companies in Asia and Europe have been warning employees to be careful when clicking on attachments and links in their emails. And remember that any account can be compromised.

Once a vulnerable PC becomes infected, the computer will attempt to spread to other machines over the local network as well as over the internet. "Someone at the other end of the connection", Hickey said.