Don't hoard cyberweapons, Microsoft warns world leaders

Posted May 17, 2017

Though WannaCry has made global headlines and put lives a risk, the attackers behind the ransomware worm so far have not made all that much money, given the global impact of the attack.

The user is notified that their computer is locked down and instructed to pay a ransom to regain control of their files. BGR reports that the demand is $300 at the time of infection. He said the virus attack that crippled computers worldwide proves that "stockpiling of vulnerabilities by governments" is a major problem.

Michael Mitchell, spokesman for Oreo cookie maker Mondelez International, said the company is not aware of any incidents from the attack, though it did alert employees. This ransomware propagates by exploiting a Microsoft Windows vulnerability in unpatched computers.

China is preparing to enforce a wide-reaching cyber security law that USA business groups say will threaten the operations of foreign firms in the country with strict local data storage laws and stringent surveillance requirements. There are only three bitcoin wallets that are part of the WannaCry attack where victims can direct payment, to get their files back.

Smith's blog post did not address another factor in the ransomware's spread, one that hints at the difficulty of uniting against a hacking attack: Users of pirated Microsoft software are unable to download the security patch, forcing them to fend for themselves or rely on a third-party source for a solution. As the malware was expected to encrypt the hardware disk of a computer before spreading to other systems on the local area network (LAN), banks were asked to instal the latest antivirus patches.

On top of that, the NSA would likely be able to claim that it is shielded from liability under the doctrine of sovereign immunity, which says that the government can not be sued over carrying out its official duties.

It appears the people behind that attack, who have not yet been identified, earned about $26,000, reports Krebs on Security.

Shadow Brokers's identity still remains a mystery, albeit security experts think the group could be tied to the Russian government.

Vernick said businesses that failed to update their software could face scrutiny from the U.S. Federal Trade Commission, which has previously sued companies for misrepresenting their data privacy measures.

MalwareTech warns however that the kill switch is likely only a temporary fix and other variants of the WannaCry malware will likely emerge that do not contain the same kill switch.

"I like a physical external backup, so an external hard drive that you connect and then can disconnect from the computer system and then don't keep it hooked up to the computer system because then that could also be affected", said Siewert.

Never open attachments in emails from someone you don't know. That's because security researchers say the ransomware is spread through standard file sharing technology used by PCs called Microsoft Windows Server Message Block, or "SMB" for short. You can find the patch here.