Cyber attack could spark lawsuits but not against Microsoft
11:34, May 18, 2017
Copyright 2015 All rights reserved. This material can't be published, transferred, copied or redistributed.
"WannaCry" has disrupted networks in over 150 countries, including Russian Federation and the United Kingdom, and is being termed as one of the most widespread cyber attacks.
The ransomware is known as WannaCry, WanaCrypt0r 2.0 or WCry and it's especially unsafe because it includes some sort of "worm functionality" that makes it more vicious than a regular ransomware attack.
According to Rob Wainright, director of the European Union Agency for Law Enforcement Cooperation, more than 200,000 computers are affected by WannaCry, most of which are outside the U.S. Both the scale of the attack and the virulence with which it spread from computer to computer surprised many cybersecurity experts.
Yesterday Microsoft also explicitly called out government agencies for undermining global cyber security by stockpiling exploits. Once it finds those files, it encrypts that data on your computer, making it impossible to recover the underlying user data without providing a decryption key. What is RansomwareWannaCry malware, Bitcoins?
Dore said companies that faced disruptions because they did not run the Microsoft update or because they were using older versions of Windows could face lawsuits if they publicly touted their cyber security.
Microsoft released patches for these versions of Windows, despite them having reached end-of-life. For any unused system that is vulnerable, turn it off.
Smith's statement comes as businesses, hospitals and regular consumers have fallen victims to a huge ransomware attack as hackers exploit a vulnerability in Microsoft's operating system. "An equivalent scenario with conventional weapons would be the USA military having some of its Tomahawk missiles stolen".
Smith has also suggested a "Digital Geneva Convention" that would include "a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them".
"Technology companies owe their customers a reliable process for patching security vulnerabilities", he said. A group called the Shadow Brokers were able to steal the tools last summer and started publishing them online.
"Ransomware is still not a cyber crime that is recognized under the Information Technology Act 2000 and it does not get fully covered by the provision of the Indian Penal Code". Car-maker Nissan's Chennai plants were also affected by the ransomware attack but normal operations were soon restored. Consider this map released by Malwareless. And as we globally face this challenge in cyber security, as a country we strongly believe that an integrated strategy to ensure effective regulation to our cyber security is significant at this point.
You've probably heard about the ransomware attack affecting organizations' computer systems around the world. However, the full extent of the attack won't be known until employees head back to work.
While it's not clear what could have possibly prompted organisations to under-report the impact of WannaCry ransomware, this could well be a cost saving measure, but at the expense of data security.