Thousands of computers around the world are falling prey to a ransomware attack called WCry, although it also goes by WannaCry, WanaCryptor, or several other related names. According to the BBC, there have been reports of infected computers in “more than 70 countries, including the UK, US, China, Russia, Spain, Italy, and Taiwan.”
The malware locks users out of their computers unless a ransom is paid in Bitcoin. The National Health Service has been hit in the UK, causing surgeons to cancel operations and emergency rooms to scale back. Spanish wireless carrier Telefonica has also been hit.
The root of the problem? A Microsoft Windows security vulnerability first identified by the US National Security Agency, and released last month by a group called Shadow Brokers.
Update: The WannaCrypt ransomware has been (at least temporarily) halted from causing damage, and Microsoft has taken the unusual step of releasing security updates for all users running Windows XP or newer versions of Windows, even though official support for that OS ended years ago.
To Microsoft’s credit, the company has already released a security update that patches the vulnerability exploited by the WCry ransomware. In fact, the patch was released before the Shadow Brokers published their report.
The problem is that some users are slow to install updates, particularly those on large corporate or government networks. Microsoft even provides tools that make it easier for those customers to pause or delay updates.
So there are probably millions of vulnerable computers, and we already know that tens of thousands have been affected.
Today’s ransomware attack is a good reminder of two things:
- You should always try to stay up to date on security updates for your computer and other devices.
- This is what can happen when government agencies like the NSA (or CIA) stockpile known security vulnerabilities rather than making them known to the affected parties so that patches can be released before any damage is done.
To that latter point, if the NSA had let Microsoft know about the flaw as soon as it was discovered, there’s a better chance that many of the computers being infected today could have been protected against the ransomware attack.
And even if Shadow Brokers hadn’t released the NSA’s hacking tools, the vulnerability still existed and it could have been discovered by someone working independently.
Sure, government spy and law enforcement agencies need to be able to conduct covert investigations. But today we’re seeing one of the possible outcomes of keeping a private library of security exploits to do that: innocent people end up paying the price.