Brad Smith Microsoft

The morning of Friday, 12th of May, the world experienced one of the biggest cyberattacks of the decade so far. The so-called “WannaCrypt” ransomware program so far has targeted more than 230.000 computers running Microsoft Windows in 150 countries.

Microsoft has responded to the massive hack by slamming the U.S. government and its agencies.

The President of the company, Brad Smith, has taken to the company’s website to explain the lessons that everyone needs to learn from the grand-scale cyberattack.

Smith explains in his blog post that the government agencies put the digital world in danger, saying that the main problem is the “stockpiling of vulnerabilities by governments.

He then proceeds on giving examples like the vulnerabilities stored by the CIA which showed up on WikiLeaks.

“Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.

An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”

Screenshot of the ransom note left on an infected system – Image: Wikipedia

The “WannaCrypt” ransomware

But what exactly is “WannaCrypt”? The latest ransomware software to hit Microsoft Windows started first in the United Kingdom and Spain. The malicious software quickly spread worldwide, blocking users from their data unless they paid ransom using Bitcoin.

Earlier this year, the NSA reported that someone stole these exploits from them. In response, Microsoft released a security update on March 14, to patch this vulnerability. However, as Smith points out, “many computers remained unpatched globally.

As a result, hundreds of thousands of computers in hospitals, governments, businesses, and homes, were affected by the attack. Among the affected parties were Telefonica, parts of Britain’s National Health Service, FedEx, Deutsche Bahn, and LATAM Airlines.

Microsoft provides guidance on how to deal with the WannaCrypt attacks.

Countries initially affected by the ransomware attack – Image: Wikipedia

A Digital Geneva Convention

In addition to his criticism of the U.S. government and its agencies, Brad Smith asks once more for a “Digital Geneva Convention”. The President of Microsoft discussed the same issue back in February at the RSA Conference in San Francisco.

Smith then said that the world needs a Digital Geneva Convention that “will commit governments to protecting civilians from nation-state attacks in times of peace.” He gave examples such as the fact that 74% of the world’s businesses expect a cyberattack each year.