Global ransomware attack used info stolen from NSA, says Microsoft

By on 16/05/2017 | Updated on 04/02/2022
The WannaCrypt ransom note that appears on infected systems (Image courtesy: @Sophos).

The head of Microsoft has called on governments to stop stockpiling software vulnerabilities, after claiming that Friday’s global cyber-attack exploited information stolen from the US National Security Agency.

The ‘WannaCrypt’ cyber-attack (from the software’s name Wanna Decryptor, and also known as WannaCry) is estimated to have hit some 200,000 organisations in at least 150 countries. In the UK’s National Health Service, which was particularly badly hit, at least 47 organisations were affected.

Security experts have speculated that the ransomware, which works by exploiting a vulnerability in older versions of Windows, came from a cache of hacking tools allegedly stolen from the NSA by hacker group Shadow Brokers.

The malware is believed to make use of an NSA hacking tool called Eternal Blue that makes it easier to invade older Windows machines.

In a blog posted on Sunday, Microsoft president Brad Smith said “the WannaCrypt exploits [sic] used in the attack were drawn from the exploits stolen from the National Security Agency” and called on governments to treat the attack as a “wake-up call”.

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” he said. “This is an emerging pattern in 2017.

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks and now this vulnerability stolen from the NSA has affected customers around the world.

“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.”

Smith said governments need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,” he said.

Microsoft Headquarters, Redmond. A patch for the vulnerability was released 2 months ago on March 14th.

Microsoft released a security update to patch the vulnerability on March 14, a month before the theft of exploits from the NSA was publicly reported, Smith said.

The patch protected newer Windows systems and computers that had enabled Windows Update to apply it, but not older versions for which it no longer provides support. Over the weekend, Microsoft rolled out a patch for Windows XP, Windows Server 2003 and Windows 8.

Smith said that Microsoft proposed in February a new “Digital Geneva Convention” that would include a new requirement for governments to report software vulnerabilities to vendors, rather than stockpile, sell or exploit them.

“We should take from this recent attack a renewed determination for more urgent collective action,” he said. “We need the tech sector, customers and governments to work together to protect against cybersecurity attacks.”

For up to date government news and international best practice follow us on Twitter @globegov

See also:

New international centre to challenge state-led fake news and cyber attacks

Calls for further EU security action as new measures signed into law

Germany announces new cyber security unit in wake of terror attacks

Estonia seeks safe location abroad to protect citizens’ data from hackers


About Liz Heron

Liz Heron is a journalist based in London. She worked on daily newspapers for more than 16 years as an education correspondent, section editor and general news reporter. She was Education Editor of the South China Morning Post in Hong Kong and has contributed to a wide range of British media including The Independent, The Guardian and the BBC.

One Comment

  1. Paul says:

    should begin Class-Action lawsuit against NSA for not divulging there nefarious secrets. There job is supposed to keep us safe, not to spy on us.

Leave a Reply

Your email address will not be published. Required fields are marked *