Where Does Microsoft Fit in on WannaCry's Ransomware Attack?

Cyber Security Investing
Security Investing

The ransomware attacked computers in roughly 153 countries, igniting speculation that Microsoft is part to blame.

If you’ve been on a computer at all the last few days, chances are you’ve heard about the latest ransomware attack that struck computers in roughly 150 countries on Friday (May 12).
Here’s the rundown, if you’ve been out of the loop: according to Vox.com, the software called WannaCry first hit the UK’s National Health Service on Friday. The ransomware inscribes files on an individual’s computer and then demands a ransom to get them back. For example, the ransom might be payment between $300 and $600 bitcoins to get the system back.
UpRoxx further states that once the ransomware is on a computer, it takes over and “spread the payload to any machine it can breach.”


By Monday (May 15), it was reported that WannaCry had impacted approximately 300,000 systems around the world, resulting in what has been called the “largest such cyber assault of its kind.”
The same day, other reports suggested evidence linked North Korea to the attacks. According to Reuters, a researcher from Hauri Labs in South Korea said according to their findings, they were able to match those of Symantec and Kaspersky Lab. As noted in the article, code from a prior version of WannaCry was linked to programs used by the Lazarus Group, identified as a hacking operation in North Korea.
Now, you might be asking yourself, “where does Microsoft (NASDAQ:MSFT) fit in on this?”
On Sunday (May 14)–two days after the software started spreading around the world–the company’s president and Chief Legal Officer, Brad Smith, issued a statement regarding the attacks.
Smith said that in March Microsoft released a security update to patch computers and protect customers, which runs on approximately 80 percent of desktop computers around the world. However, he added that “many computers remained unpatched globally.” Many of the affected users allegedly were using older versions of Windows, which are no longer supported by Microsoft.
The New York Times reported that, not long after the March release of the patch, a group called “Shadow Brokers” unveiled hacking tools that take advantage of the “vulnerabilities” fixed in those patches.
Fast forward to May. Fortune reported that the ransomware was bad enough that Microsoft issued patches for versions of Windows dating back to 2003. In a separate Microsoft announcement, security updates were released on May 12 for Windows XP, Windows 8 and Windows Server 2003.
“The recent global ransomware attack exploiting a flaw in Windows, while serious, not only demonstrates the continued ubiquity of Microsoft, but also highlights that many of the affected enterprises or entities that are still using older, and now unsupported, versions of Windows need to accelerate their plans to upgrade to Windows 10,” analyst Michael Nemeroff said in a note to clients on Monday.

Despite this, Smith placed the blame the US government for the attack instead. In particular, he said the attackers found a “crucial” Windows vulnerability in the data stockpiled by the US National Security Agency, adding that situations like this are becoming too common in 2017.
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” he said in the statement. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”
That said, others have been less inclined to place the blame solely on the US government, but rather Microsoft instead.  Take the above-noted New York Times article, for example.  The author, Zeynep Tufekci, put the sole blame on Microsoft for the company’s decision that it will no longer support older versions of Windows.
“Companies like Microsoft should discard the idea that they can abandon people using older software,” Tufekci wrote. “The money they made from these customers hasn’t expired; neither has their responsibility to fix defects.”
Since Smith’s post on Sunday, shares of Microsoft took a bit of slide on Monday, but were back on the rise by Tuesday. As of 5:37 p.m. EST, shares of Microsoft were $69.41–a 1.43 percent increase over a one-day period.
Don’t forget to follow us @INN_Technology for real-time news updates!
Securities Disclosure: I, Jocelyn Aspa, hold no direct investment interest in any company mentioned in this article.
The Conversation (0)
×