The massive ransomware attack that began last week and hit computers around the world should send a “wake-up call” to governments that have kept vulnerabilities secret to exploit them, Microsoft President and Chief Legal Officer Brad Smith said yesterday in a blog post.
The WannaCry or WannaCrypt ransomware attack deployed a Windows exploit that the National Security Agency had used for its own purposes until it was leaked in April by the hacking group Shadow Brokers. By that time, Microsoft had discovered the bug on its own and issued a security update, but many users with older versions of Windows no longer receive such updates.
As a result, numerous organizations such as the U.K.’s National Health Service have found themselves unable to access vital data because their files were encrypted by the cyberattack, which demanded ransom payments in the Bitcoin digital currency to unlock information.
More than 200,000 victims in at least 150 countries have been hit so far by the ransomware, which has netted the party responsible at least $49,000 in Bitcoin payments, according to recent news reports. Some of the victims have reportedly regained access to their files after paying, although security experts advise against complying with ransom demands.
‘Consider the Damage’
Calling for a “Digital Geneva Convention,” Microsoft’s Smith said the widespread damage caused by the ransomware shows that governments need to treat cyber weapons the same way they treat conventional weapons.
“The governments of the world should treat this attack as a wake-up call,” Smith said. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Former NSA contractor and whistleblower Edward Snowden echoed…