ransomwareWho’s to blame for the ongoing global ransomware attack? Obviously, the people that developed the ransomware. The only problem is that those people are (at least in part) the NSA.

The ransomware, known as WannaCry or WannaCrypt0r, uses an exploit originally developed by the National Security Agency (NSA). Rather than discretely telling Microsoft about the vulnerability so they could patch it, the NSA had held onto it as part of their suite of spying tools. They did eventually inform Microsoft, but only after the exploit had been released by hackers in April 2017.

The scale of the attack is unprecedented. Hundreds of thousands of computers have been affected in over 150 countries. Users logged on to discover they had been locked out of their files, and received a message from the hackers telling them the only way to decrypt their images, files, and data would be to pay a bitcoin ransom. Cybersecurity experts are recommending that people do not pay the ransom, because there is no guarantee they will get their files back.

Ransomware is not new, but this particular attack is combined with a worm that allows it to spread across networks, infecting multiple computers within an organisation. Large public organisations, such as the NHS in the United Kingdom, have been affected. Many private firms may also have been hit, but will be reluctant to make this fact public, fearing their reputation could be damaged.

The attack has reignited the debate around access by the intelligence agencies to personal data. It is seemingly not possible for intelligence agencies to retain a “backdoor” into data that cannot also be exploited by criminals. So, perversely, are spy agencies making us less safe by not working with companies to patch these vulnerabilities as quickly as possible?

Should spy agencies always tell companies their systems can be hacked? And is Europe prepared for the next wave of cybercrime? Let us know your thoughts and comments in the form below and we’ll take them to policymakers and experts for their reactions!



13 comments Post a commentcomment

What do YOU think?

  1. Thomas Baldwin

    Maybe these companies should be researching their own products to find the holes in their code! ANYONE can be hacked!

  2. Nando Aidos

    Companies should be responsible for their security.
    Spy agencies may provide a service to companies.
    Let us not regulate down to the size of our underwear… or the color… PALEASE!

  3. Daniel Parvanov

    They should as if they found it some other can found it too that could lead to what happened now with computers (even governments are affected ) and virus creator has all infected computers data which additionally can be sold…

  4. Peter S

    More than one party is responsible for the affects WannaCry has shown.
    1. System owners failed to update – bad enough. More worse that organizations like NHS or DB didn’t pay attention. Something wrong in these organizations.
    2. Agency obviously knew about the second component of this attack, which allowed the worm to spread. It indicates they do not see their responsibility.

  5. SD

    Dozens of especially 1st World Nations would have known about this as they would have had such tools available to them so this goes way beyond the USA and it’s Spy Agencies. They knew about this for well over 1 decade AND THEY DID NOTHING. As a matter of fact the only thing they did do is make sure it remained secret.

required
required Your email will not be published

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of new comments. You can also subscribe without commenting.