Smart Buyer

Who’s to Blame for Ransomware: Microsoft, NSA, or You?

by Adam Lovinus May 15, 2017

Weekend attacks of the ransomware WannaCry (aka WannaCrypt, Wanna Decryptor, WanaCypt0r) created a widespread panic Monday morning for about 230,000 users in 150 countries. European governments and businesses were affected most; a MalwareTech researcher contained it before it could impact the US to the extent it did overseas.

The impressive scale of the attack is unprecedented, and provokes finger-pointing and assigning of blame in the tech community. Narratives include:

  • The NSA is at fault for stockpiling vulnerabilities it discovers. (Microsoft blog)
  • Microsoft corporate greed motivates discontinued support for old systems. (NY Times)
  • Hardware can’t keep up with software updates. (The Verge)

Meanwhile, mainstream news outlets are answering questions like: What is ransomware? How can I avoid ransomware? How much is a Bitcoin?

We are firmly in buzzword status with ransomware as a term. Look at this ridiculous Google Trends graph.

Is anybody listening? Tips to avoid ransomware should be common knowledge by now, but there is apparent confusion around what it does. Let’s establish a sensible premise for answering a question like what is ransomware?

  • Ransomware is a malicious file that locks users out of endpoints and server data.
  • Ransomware lockouts of this scale exploit known holes in operating system and server software.
  • WannaCry is a “worm”-style malware that scans and spreads on a network by targeting vulnerable systems identified by signals in the network protocol. (Cisco Talos blog)
  • Ransomware files are often introduced to the network by humans, who get tricked into giving up logon info or into downloading a file they should not.

What Microsoft knew prior to the outbreak, and actions they advised:

  • Microsoft learned of WannaCry exploits and issued a patch two months before the attacks.
  • All currently supported Windows versions (Windows 10, Windows 8, Windows 7, Server 2016, Server 2012, Server 2008) were offered the update in March.
  • Microsoft also made the WannaCry fix available as a security update for Windows XP and Server 2003; it is out of the ordinary for Microsoft to patch out-of-support software.

How victims of WannaCry treat security:

  • In the UK, the National Health Service had 16 systems taken hostage. NHS had heavy use of Windows XP in its infrastructure; NHS heads decided to forgo upgrades and extended support in 2015. (Register)
  • Russian computers are, by far, the most affected by WannaCry. Russia is the biggest purveyor of pirated Windows software, which is not patched by the company. (Media Piracy in Emerging Economies)
  • Expired support or not, Windows XP is still widely used everywhere in the world, even in the U.S. The US Navy's Windows XP support costs millions. Attackers put ransomware on City of Detroit servers running unsupported Windows XP.

Local TV news gets it right

Morning show anchors on TV news are providing sound advice on the topic for generalists. It is the kind of advice that people responsible for big-time networks ignored.

  • Only use up-to-date operating systems on your computer
  • Don’t open shady-looking e-mails; avoid downloading random files
  • Make backups of your data; deploy backups to get rid of ransomware

Avoiding ransomware means taking responsibility

Love it or hate it, Windows licensing has one clear-cut message: out-of-support software risks ransomware and other attacks. It’s the only straightforward part of the licensing process.

It is difficult to place the blame on anyone but the business or public entity that fails to keep licensing and security up to date despite months and years of warnings from the vendor (and me).

A business network setup must involve firewall protection, endpoint security software, and malware detection: a multi-layered approach to cybersecurity. Untrained users will click on anything; get them up to speed on how to sniff out a suspicious link should one penetrate network defenses.

Tight budget? No excuse! Learn how to conduct free staff training for cybersecurity in your workplace.

Adam Lovinus

A tech writer and Raspberry Pi enthusiast from Orange County, California.
