WannaCry exploit theft is like “US Tomahawk Missile Stolen” – Says Microsoft

Following a biggest outspread of ransomware till date – called WannaCry, hit public and private organisations including education institutes, multinational companies and hospitals worldwide, Microsoft has now finally confirmed the involvement of Windows exploits that were developed by NSA, got stolen and leaked.

WannaCry ransomware attacked the big organisations’ connected computers and networks globally which also count at least Pakistan’s Shaukat Khanum Cancer Hospital. It led affected firms and organisations immediately shutdown their computers and networks completely or partially. Some also terminated providing their public services and stopped business activities.

Sooner after the attack, it was reported to have linked with Windows exploits which were developed by NSA and were hacked earlier by the team known as Shadow Brokers. The hackers then leaked the tools online.

Even though, Microsoft had released a security update to patch those vulnerability a month earlier than the leak actually occurred. The software giant never officially confirmed about NSA references in the development of exploits as the US Government didn’t comment on the exploits that were leaked or stolen from the authorities.

NSA Hacked Tools

But yesterday, Microsoft has released detailed article explaining the urgent actions for people’s safety online. It now has confirmed that the Windows exploits were indeed developed by NSA, however, the software giant refrained from mentioning the purpose – which is already reported as the US security agency developed these exploits to hack into SWIFT banking systems.

The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year.

Microsoft told that the so-called “ransomware” is just one example of many types of cyberattack. 

“We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident.” confirmed Brad Smith, President and Chief Legal Officer at Microsoft, while explaining “consumers and business leaders have become familiar with terms like “zero day” and “phishing” that are part of the broad array of tools used to attack individuals and infrastructure.”

WannaCry Ransomware Popup

Brad told that the measurements they have been taking to help their customers include “to assist users with older systems that are no longer supported.”

Microsoft seems to have taken this attack more seriously than ever before “clearly, responding to this attack and helping those affected needs to be our most immediate priority.”

Exploit Theft from NSA is equivalent  to U.S. military’s Tomahawk missiles stolen

While the technology company feels responsible and acting instantly to provide safety to its customers, Microsoft further holds governments responsible for stockpiling vulnerabilities — as it’s CIA which developed and stored them for their use, they then show up on WikiLeaks, and then these exploits are stolen from NSA, and has affected customers globally.

Tomahawk Missile Diagram / Photo – NEWSINFOGRAPHICS

Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.

Microsoft wants governments of the world to treat this attack just like the conventional weapons if they were stolen. It also referred to its new proposal of the Digital Geneva Convention that it called in February.

“We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.” Governments need to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.

Microsoft calls the tech sector, customers, and governments to work together to protect against cybersecurity attacks. “More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us. We recognize our responsibility to help answer this call, and Microsoft is committed to doing its part.”