Liliputing

  • Reviews
  • Deals
  • How To…
  • Mini PCs
  • Shop
  • About
    • About Liliputing
    • Contact us
    • Advertise on Liliputing
    • Support Liliputing
    • Privacy Policy

Ransomware using exploit identified by NSA is wreaking global havoc

05/12/2017 at 5:14 PM by Brad Linder 11 Comments

Thousands of computers around the world are falling prey to a ransomware attack called WCry, although it’s also goes by WannaCry, WanaCryptor, or several other related names. According to the BBC, there have been reports of infected computers in “more than 70 countries, including the UK, US, China, Russia, Spain, Italy, and Taiwan.”

The malware locks users out of their computers unless a ransom is paid in Bitcoin. The National Health Service has been hit in the UK, causing surgeons to cancel operations and emergency rooms to scale back. Spanish wireless carrier Telefonica has also been hit.

The root of the problem? A Microsoft Windows security vulnerability first identified by the US National Security Agency, and released last month by a group called Shadow Brokers.

Update: The WannaCrypt ransomware has been (at least temporarily) halted from causing damage, and Microsoft has taken the unusual step of releasing security updates for all users running Windows XP or newer versions of Windows, even though official support for that OS ended years ago.

Microsoft

To Microsoft’s credit, the company has already released a security update that patches the vulnerability exploited by the WCry ransomware. In fact, the patch was released before the Shadow Brokers published their report.

The problem is that some users are slow to install updates… particularly large corporate or government networks. Microsoft even provides tools that make it easier for those customers to pause or delay updates.

So there are probably millions of vulnerable computers, and we already know that tens of thousands have been affected.

Today’s ransomware attack is a good reminder of two things:

  1. You should always try to stay up to date on security updates for your computer and other devices.
  2. This is what can happen when government agencies like the NSA (or CIA) stockpile known security vulnerabilities rather than making them known to the affected parties so that patches can be released before any damage is done.

To that latter point, if the NSA had let Microsoft know about the flaw as soon as it was discovered, there’s a better chance that many of the computers being infected today could have been protected against the ransomware attack.

And even if Shadow Brokers hadn’t released the NSA’s hacking tools, the vulnerability still existed and it could have been discovered by someone working independently.

Sure, government spy and law enforcement agencies need to be able to conduct covert investigations. But today we’re seeing one of the possible outcomes of keeping a private library of security exploits to do that: innocent people end up paying the price.

Share this:

  • Facebook
  • Twitter
  • Reddit
  • Pocket
  • Tumblr
  • Pinterest
  • LinkedIn
  • Email

Daily Deals (12-13-2019)

Every week this year, the Epic Games Store has offered up at least one game for free, and sometimes two. This week is one of the twofer weeks -- you … [Read More...]



Support Liliputing

Liliputing’s primary sources of revenue are advertising and affiliate links (if you click the “Shop” button at the top of the page and buy something on Amazon, for example, we’ll get a small commission).

But there are several ways you can support the site directly even if you’re using an ad blocker and hate online shopping.

Contribute to our Patreon campaign

or…

Contribute via PayPal

  • donate monthly
  • donate once only
Select a Donation Option (USD)

Enter Donation Amount (USD)

11
Leave a Reply

Login with
Facebook Google Twitter WordPress Yahoo! Disqus Reddit Stackoverflow GitHub
avatar
This comment form collects your name, email address, and content to allow us to keep track of comments placed on this website. Please read our privacy policy for more details.
Save my name, email, and website in this browser cookies for the next time I comment.
3 Comment threads
8 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
11 Comment authors
FaxNutellaIwannaBeFreeRead AgainOpenYourMind Recent comment authors
avatar
This comment form collects your name, email address, and content to allow us to keep track of comments placed on this website. Please read our privacy policy for more details.
Save my name, email, and website in this browser cookies for the next time I comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
'Ilvee Tidus'
Member
'Ilvee Tidus'

Innocent people always pay the price. At least it’s their data, not their lives this time.

You Must Be Logged In To Vote-4You Must Be Logged In To Vote  Reply
2 years ago
nwhenry
Member
nwhenry

You mean well but this ransomware is affecting medical care providers.

You Must Be Logged In To Vote4You Must Be Logged In To Vote  Reply
2 years ago
Herbary
Guest
Herbary

Exactly. This has caused mayhem here, especially as the NHS has a lot of legacy software – a lot of it written in ActiveX on windows xp systems. Hardening those was always going to be tough, but not helped when vulnerabilities aren’t disclosed to software vendors!

You Must Be Logged In To Vote0You Must Be Logged In To Vote  Reply
2 years ago
Max L L
Member
Max L L

Did you read the article?

You Must Be Logged In To Vote1You Must Be Logged In To Vote  Reply
2 years ago
IwannaBeFree
Guest
IwannaBeFree

“Innocent people always pay the price.”-
The result of the systems principle.Governments main purpose was intended to protect its highest authority “the people”. Now it just approves for itself ways to use the people unencumbered as a consumable resource. The ultimate penalty of consumerism is how it inevitably brings about its own demise.

You Must Be Logged In To Vote0You Must Be Logged In To Vote  Reply
2 years ago
Adophe Drumpfeld
Guest
Adophe Drumpfeld

“Today’s ransomware attack is a good reminder of two things”

It is also a reminder that people and organisations who run BSD or GNU/Linux systems do not suffer from these Windoze-exploit criminal attacks

You Must Be Logged In To Vote-7You Must Be Logged In To Vote  Reply
2 years ago
matt
Guest
matt

That’s right, they suffer from BSD or GNU/Linux exploit criminal attacks because they’re not Windows.

You Must Be Logged In To Vote2You Must Be Logged In To Vote  Reply
2 years ago
OpenYourMind
Guest
OpenYourMind

It doesn’t make any sense such affirmation. Having an Android phone using the Linux kernel in your pocket doesn’t make you a criminal.

You Must Be Logged In To Vote-5You Must Be Logged In To Vote  Reply
2 years ago
Read Again
Guest
Read Again

You don’t seem to have understood this comment thread. Please read it again.

You Must Be Logged In To Vote5You Must Be Logged In To Vote  Reply
2 years ago
Fax
Guest
Fax

Complete nonsense, this exploit was developed by the NSA and targets the ancient SMB v1.0 protocol (which has it’s roots in IBM OS/2!), any linux OS is just as vulnerable to such an organization and legacy software.

SMB 1.0 was depreciated a long time ago and replaced with much more secure versions but lazy companies and institutions refuse to update their software, hardly Windows or Microsofts fault.

You Must Be Logged In To Vote0You Must Be Logged In To Vote  Reply
2 years ago
Nutella
Guest
Nutella

Staged by banksters.

You Must Be Logged In To Vote0You Must Be Logged In To Vote  Reply
2 years ago

Follow Liliputing:

Facebook Twitter YouTube tumblr RSS Patreon
Disclosure: Some links on this page are monetized by Skimlinks and Amazon's and eBay's affiliate programs.

Latest News

Apple and Spotify bring podcasts to Amazon Echo devices (and other Alexa-enabled gadgets)

Amazon's Echo line of products may have introduced the world to the idea of … [Read More...]

Lenovo Tab M8 HD

Lenovo may have a Chrome OS tablet on the way

Chrome OS tablets have been a thing for the past year and a half or so, but … [Read More...]

Xbox Series X coming in late 2020 (It’s pretty much a gaming PC in console form)

Microsoft has taken the wraps off its next-gen Xbox game console and the Xbox … [Read More...]

Featured articles

Magic Ben MAG1 8.9 inch mini laptop review

It's tricky to make a great mini-laptop. Want a super-small screen and a device … [Read More...]

Amazon Fire tablet hacking resources (Fall 2019 edition)

As usual, Amazon is offering deep discounts on Fire tablets for the holiday … [Read More...]

Dell XPS 13 2-in-1 review (Ice Lake convertible laptop)

Dell's XPS 13 line of laptops have set the standard in recent years for just how … [Read More...]

Login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Copyright © 2019 Liliputing · About Liliputing · Contact Us · Privacy Policy · Go to top of page

wpDiscuz
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.