Microsoft pinned blame on the U.S. government for not disclosing software vulnerabilities after officials across the globe scrambled to catch the culprits behind a massive ransomware worm. Fred Katayama reports.
(REUTERS, MICROSOFT) – Microsoft is blaming the U.S. government for not doing enough to stop a massive cyber attack over the weekend.
The attack was caused by a cyber worm dubbed WannaCry. It’s a “ransomware” that locks up computers and demands money – ransom – to unlock them. Over the weekend, it locked up more than 200,000 computers in more than 150 countries. Among those affected were factories, hospitals, and schools.
In a blog post on Sunday, Microsoft president Brad Smith said government intelligence services knew it was coming but didn’t share enough information with vulnerable companies.
John Miller of Fireeye says lack of information was not the problem.
JOHN MILLER, MANAGER, THREAT INTELLIGENCE, FIREEYE,
“Organizations in theory have the information available to them about what to do with the vulnerability that enables the propagation of this malware, but organizations don’t necessarily all have the resources to patch something like that all at the same time. It has to be prioritized relative to a number of threats and vulnerabilities.”
The non-profit U.S. Cyber Consequences Unit research institute estimates that total losses from the attack would range in the hundreds of millions of dollars. Cyber risk modeling firm Cyence put the tally at $4 billion, citing costs associated with businesses interruption.
The cyber attack spread more slowly on Monday. No major infections were reported.