Microsoft has said that the ransomware attack that hit enterprises using its Windows operating system around the world on Friday (May 12th) should be seen as a “wake up call”.
The WannaCry – also known as WannaCrypt – attack affected organisations such as the UK’s National Health Service (NHS), Spain’s telephone operator Telefonica, a number of French Renault factories and US delivery company FedEx, among others. It blocked users from accessing their data unless they paid a ransom.
It hit the NHS at around 12:30, freezing and encrypting files. When workers attempted to use the computers, they were met with a demand for $300 (£233) in the bitcoin currency. It resulted in hospitals being unable to access their data, which then led to their inability to effectively treat patients. Many had operations cancelled and were turned away from accident and emergency departments.
Now Microsoft has said that the hackers used exploits drawn from those stolen from the US’ National Security Agency (NSA), which was publicly reported this year. Microsoft said that a month before that happened, it had released an update to patch this vulnerability.
In a blog post, Microsoft president and chief legal officer Brad Smith wrote: “While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected.”
He went on to add that this recent attack is a reminder that IT “basics”, like keeping computers current and patched, are a responsibility for everyone, and that every top executive should support them.
It was feared that there would be more attacks as the new week began, but few have been reported.