WannaCry Ransomware: Microsoft Calls Out NSA For ‘Stockpiling’ Vulnerabilities

Microsoft’s top lawyer has called on governments around the world to treat the worldwide cyber attack as a “wake-up call” as he laid part of the blame at the door of the United States administration.

Smith has argued in the past that digital weapons need to be treated in the same way as physical ones, governed by a “Digital Geneva Convention” that would limit the stockpiling of computer vulnerabilities that can cause widespread damage if they end up in the wrong hands.

Although Microsoft patched the vulnerability in March, the ransomware preys on older systems, like those at National Health Service hospitals in England, which rely heavily on Windows XP.

The aggressive malware, dubbed WannaCrypt, utilized a previously reported vulnerability found within the Windows operating system produced by Microsoft.

Smith said in a company blog post that governments should alert vendors to software vulnerabilities instead of hoarding them and keeping them secret.

“This attack has reportedly infected more than 200,000 computers, including hospitals, businesses, and government facilities across the globe”.

In this context it’s perhaps worth remembering that last year Apple came under tremendous pressure to create a special version of iOS for the US government, under the promise that it would never escape their safe hands and get into the wild.

The attack works by encrypting data on infected computers, preventing users from accessing it until a ransom – in the range of several hundred US dollars – is paid in Bitcoin, a currency that makes payments hard to trace or recover.

Over the weekend, a cyber attack the likes of which the world has never seen held important data, pictures, and information hostage, demanding Bitcoin ransom payments from anxious users everywhere.

“This is an emerging pattern in 2017”, continued Smith.

“ShadowBrokers are back” tweeted Matthieu Suiche, a French hacker and security researcher who has tracked the group.

Reports suggest that over two lakh systems globally could have been infected by the malicious software.

“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems”, BBC quoted Smith as saying.

The WannaCry software is particularly virulent because it doesn’t necessarily require users to take any action, like clicking a link or downloading software, to spread; it can also spread automatically through file-sharing systems on networks.

Smith’s statement made no mention of pirated Microsoft software, users of which cannot download the security patch.

The company on Friday said it had added additional protection against the specific malware, and was working with affected customers.
