Ransomware attack should be wake-up call for govts

WannaCry ransomware had spread using a loophole in Microsoft windows operating systems that were initially found by the United States national security agency (NSA), which according to reports was using it in order to find a way to hack networks of terrorist groups, and was leaked by Shadow Brokers, which said that it had found the tools in agency's servers which the group had breached earlier.

Then there's the US government, whose Windows hacking tools were leaked to the internet and got into the hands of cybercriminals. The virus was able to propagate to other computers without any interaction from a user, which explains why it was so viral before a researcher stumbled upon an unexpected fix. So far, not many people have paid the ransom demanded by the malware, Europol spokesman Jan Op Gen Oorth told The Associated Press.

Here are some of the key players in the attack and what may - or may not - be their fault.

Security firms are encouraging companies and users to make sure they install the official patch from Microsoft.

Those include a known and highly unsafe security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business and government networks.

Microsoft Corp President Brad Smith sharply criticized the USA government on Sunday for "stockpiling" software flaws that it often can not protect, citing recent leaks of both NSA and Central Intelligence Agency hacking tools.

Once Microsoft released the patch for the vulnerability - exploited by hacker group "Shadow Brokers" after stealing a software from the US National Security Agency (NSA) - some Window XP users installed the update called "Microsoft Security Bulletin MS17-010" on their desktops and laptops. If patches for vulnerabilities are distributed, apply them quickly, and don't open suspicious file attachments. On Friday, May 12 the software giant had issued an update to Windows Defender, enabling the anti-malware product, which ships with Windows, to detect and block the ransomware. Losses from WannaCry will also be limited as the ransomware is largely hitting organizations in Europe and Asia where fewer companies buy cyber insurance, although more companies outside the USA are buying the coverage, he said.

Microsoft also issued a statement, calling the circumstances painful.

Still, it was Microsoft that wrote the exploitable software to begin with.

"I was actually panicking because because one of my analysts made a mistake and they had said by registering the url we had started the infection", the unnamed researcher told ABC News.

The attackers targeted a weakness found in older versions of Microsoft Windows. When it first debuted, there were more than a few reasons why you might not want to upgrade, but as time has gone on - and as the operating system has improved - that list has gotten smaller and smaller.

With more than 3,500 security engineers at the company, Microsoft said, it is fighting cybersecurity threats with constant updates to its Advanced Threat Protection service. He noted, however, the complexity that can be involved in patching a security hole.

But some other technology industry executives said privately that it reflected a widely held view in Silicon Valley that the U.S. government is too willing to jeopardize internet security in order to preserve offensive cyber capabilities. "It also help that Microsoft had already deployed a patch capable of stopping this attack". Do not enable macros, cybersecurity company Symantec says. Backups often are also out of date and missing critical information.

"It's not rocket science", Litan said. We hope that the government and businesses will accept the latest attack as a valuable warning and ramp up countermeasures. Asked what the company is doing to prevent such exploitations, he cited "basic IT security blocking and tackling".

Bossert said he expected the number of people affected would rise as more workers logged into their work computers today.