Microsoft withheld update that could have slowed WannaCry

Who's being targeted for blame?

The hackers use tools stolen from the US National Security Agency (NSA) and released on the internet. Businesses have to meet certain regulations and agreements with vendor partners - all of which can take years.

"There are plenty of reasons people wait to patch and none of them are good", said Mador, a former long-time security researcher for Microsoft.

Here are some of the key players in the attack and what may - or may not - be their fault.

It is believed that Microsoft rolled out the firmware only to the Windows 10 series, as the company had stopped software support for Windows Vista last month. That all makes sense, but it's also leaving them open to attack. McNerney said, however, that no top government official emphasized the seriousness of the vulnerability.

In response to this incident, Microsoft's president, Brad Smith, criticised the NSA for "stockpiling" software code that could be exploited by hackers. If patches for vulnerabilities are distributed, apply them quickly, and don't open suspicious file attachments. "It was the worm portion of this event, which used a vulnerability only patched by Microsoft in March that probably contributed to the speed of the propagation". The U.S. government still uses tech five decades old; it spends more than $60 billion on legacy technology, and just $20 billion on modernization efforts.

Ransomware attack should be wake-up call for governments
The domain was not registered, so the virus simply moved on to new targets until a researcher bought it for $11. Wainwright described the cyberattack as an "escalating threat".

It's hard to blame Microsoft, Litan said, since it issued fixes and generally did what it should. "That's what this software tries to achieve", wrote Guinet.

Microsoft ended up distributing the free patch for the older versions on Friday - the day the ransomware was detected. "Those were extremely vulnerable because they had their systems running for a long time without updates", he says. It would enable them to efficiently manage any breach they experience with the help of third party experts, such as forensic IT investigators, PR agencies and legal advisors, in line with their legal and regulatory obligations. After it creates this key the interface erases the key on most versions of Windows. He noted, however, the complexity that can be involved in patching a security hole.

Two security researchers who investigated the attack told Reuters that rival lender VTB was attacked, but they said it was unclear if any damage to the bank's system resulted, or what the extent of any damage had been. Multiple backups also help. This is why many users even after paying the ransom have not been able to get their data back.

"It's not rocket science", Litan said.

It was too early to say what the overall cost of the attack to the public purse would be, the spokesman said. Asked what the company is doing to prevent such exploitations, he cited "basic IT security blocking and tackling".

The central bank said in a statement it had sent recommendations to Russian banks on updating their Windows software in April before the WannaCry attack, which it said it had recorded on May 12. Once all the files are encrypted, it will display a message asking for a sum of money as ransom to unlock the encrypted data.