Microsoft president Brad Smith has criticized the U.S. government for “stockpiling” cyber weapons that played a part in last week’s global ‘WannaCry’ ransomware attacks.
The malicious software encrypted files and held them at ransom for $300 in bitcoin. Hundreds of thousands of computers in hospitals, businesses, schools and more were affected across the globe.
In a blog post, Smith said that the technique used by hackers to initiate the WannaCry attacks (also called “WannaCrypt”) was developed and stolen by the U.S. National Security Agency (NSA).
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Smith wrote. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”
Smith said this situation presents a “wake-up call” to organizations around the world to not stockpile vulnerabilities. Instead, he says report issues should be reported in a timely manner to tech companies like Microsoft, who can then attempt to fix them.
For Microsoft’s part, Smith says the company will continue to assess WannaCry and other cyber attacks to “strengthen [its] capabilities” and share anything learned accordingly with governments, law enforcement agencies and customers.
He said that customers should also ensure their devices are as protected and up to date as possible.
Some of the best practices for keeping information safe can also be found here.
Source: Microsoft blog