20 May, 2017
"You must have read the news that recently computers in many countries have been attacked by a WannaCry Ransomware that encrypts the core system files of your computer and shuts down the operating system". The most serious case has been the National Health Service (NHS) of the United Kingdom, which holds patient care information.
The idea behind the policy is that while security exploits can be used by American agencies for intelligence gathering, there is no reason that other actors - including foreign governments, terrorist organizations or criminal enterprises - couldn't devise similar tools to steal information for their own purposes.
Are victims paying the ransom?
"It's no longer a cost of doing business", said R. David Edelman, who advised President Barack Obama on technology.
The WannaCry attacks generated some $50,000 in Bitcoin ransom payments according to reports earlier this week, and the virus may linger in computer systems for quite a while.
"Anytime something like this happens, we wonder if this will be the tipping point".
Who's being targeted for blame?
Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003. Linux, Mac or any Unix-based OS is not affected. As Apple has gained more market share, its products have become a much bigger target for attackers.
Unfortunately, many millions of computers still running the 2001 operating system never received those updates because their owners refused to pay for them. So, people should make sure they have an active such software.
Who's behind the WannaCry attack?
Even though there are ways to install the latest updates on Windows copies which are not genuine, Microsoft also implements restrictions every once in a while, so depending on the release, it could be more or less hard to patch a pirated Windows copy.
But many users had not installed the patch by the time EternalBlue was dumped on the Internet in April.
If I were on Windows, I'd take all this very seriously.
As CNet states: "Microsoft is criticizing government agencies for hoarding software flaws and keeping them secret, calling a massive, new ransomware attack a 'wake-up call' to this problem".
While the ransomware disrupted telecommunications companies, hospitals and other organizations globally, Bossert emphasized during the daily White House press briefing held Monday afternoon that the "U.S. infection rate has been lower than many parts of the world" with only a "small number of affected parties in the U.S".
"The operating systems on our computers and software downloads are managed centrally so that regular users cannot download executable files from the internet without administrative rights", he said in an email. But you can also set your devices to install those updates automatically so you don't even have to think about it. Hackers prey on complacency.