Thousands of computers around the world are falling prey to a ransomware attack called WCry, although it also goes by WannaCry, WanaCryptor, or several other related names. According to the BBC, there have been reports of infected computers in “more than 70 countries, including the UK, US, China, Russia, Spain, Italy, and Taiwan.”

The malware locks users out of their computers unless a ransom is paid in Bitcoin. The National Health Service has been hit in the UK, causing surgeons to cancel operations and emergency rooms to scale back. Spanish wireless carrier Telefonica has also been hit.

The root of the problem? A Microsoft Windows security vulnerability first identified by the US National Security Agency, and released last month by a group called Shadow Brokers.

Update: The WannaCrypt ransomware has been (at least temporarily) halted from causing damage, and Microsoft has taken the unusual step of releasing security updates for all users running Windows XP or newer versions of Windows, even though official support for that OS ended years ago.

To Microsoft’s credit, the company has already released a security update that patches the vulnerability exploited by the WCry ransomware. In fact, the patch was released before the Shadow Brokers published their report.

The problem is that some users are slow to install updates… particularly large corporate or government networks. Microsoft even provides tools that make it easier for those customers to pause or delay updates.

So there are probably millions of vulnerable computers, and we already know that tens of thousands have been affected.

Today’s ransomware attack is a good reminder of two things:

  1. You should always try to stay up to date on security updates for your computer and other devices.
  2. This is what can happen when government agencies like the NSA (or CIA) stockpile known security vulnerabilities rather than making them known to the affected parties so that patches can be released before any damage is done.

To that latter point, if the NSA had let Microsoft know about the flaw as soon as it was discovered, there’s a better chance that many of the computers being infected today could have been protected against the ransomware attack.

And even if Shadow Brokers hadn’t released the NSA’s hacking tools, the vulnerability still existed and it could have been discovered by someone working independently.

Sure, government spy and law enforcement agencies need to be able to conduct covert investigations. But today we’re seeing one of the possible outcomes of keeping a private library of security exploits to do that: innocent people end up paying the price.

11 replies on “Ransomware using exploit identified by NSA is wreaking global havoc”

  1. “Today’s ransomware attack is a good reminder of two things”

    It is also a reminder that people and organisations who run BSD or GNU/Linux systems do not suffer from these Windoze-exploit criminal attacks.

    1. That’s right, they suffer from BSD or GNU/Linux exploit criminal attacks because they’re not Windows.

      1. Such an affirmation doesn’t make any sense. Having an Android phone using the Linux kernel in your pocket doesn’t make you a criminal.

        1. You don’t seem to have understood this comment thread. Please read it again.

    2. Complete nonsense, this exploit was developed by the NSA and targets the ancient SMB v1.0 protocol (which has its roots in IBM OS/2!), any Linux OS is just as vulnerable to such an organization and legacy software.

      SMB 1.0 was deprecated a long time ago and replaced with much more secure versions but lazy companies and institutions refuse to update their software, hardly Windows’ or Microsoft’s fault.

      1. Exactly. This has caused mayhem here, especially as the NHS has a lot of legacy software – a lot of it written in ActiveX on Windows XP systems. Hardening those was always going to be tough, but not helped when vulnerabilities aren’t disclosed to software vendors!

    1. “Innocent people always pay the price.”
      The result of the systems principle. Government’s main purpose was intended to protect its highest authority “the people”. Now it just approves for itself ways to use the people unencumbered as a consumable resource. The ultimate penalty of consumerism is how it inevitably brings about its own demise.
