The ransomware has hit various IT systems in more than 150 countries, including Russian Federation and the United Kingdom, in one of the most widespread cyber attacks in history.
As a new cyber attack continues to sweep across the globe, the company is once again at the center of the debate over who is to blame for a vicious strain of malware demanding ransom from victims in exchange for the unlocking of their digital files.
Microsoft president and chief legal officer Brad Smith took aim at the US government over the ransomware campaign, describing it as a "wake-up call" for governments to stop "stockpiling" vulnerabilities for intelligence purposes. "This was a tool developed by culpable parties, potentially criminals or foreign nation-states, that have put it together in such a way so that they deliver it with phishing emails, put it into embedded documents, and cause infection, encryption, and locking".
Alex Abdo, a staff attorney at the Knight First Amendment Institute at Columbia University, said Microsoft and other software companies have strategically settled lawsuits that could lead to court rulings weakening their licensing agreements. Still, he said Microsoft should accept some responsibility. "I do not think that machines will be particularly vulnerable to such malware attacks, which encrypt files", said the chief executive of an ATM manufacturing company. But the kicker is that Microsoft had already issued a fix for this flaw nearly two months ago.
The Department of Homeland Security began an "aggressive awareness campaign" to alert industry partners to the importance of installing the Microsoft patch shortly after it was released in March, an agency official working on the attack said.
The ransomware cyber-attack that occurred on May 12, 2017, has wreaked global havoc as computers using the Microsoft Windows XP and 2003 operating systems had their data encrypted by unknown perpetrators who demanded victims pay a ransom for their data to be decrypted. The company had already been supporting it longer than it normally would have because so many customers still used it and the effort was proving costly. The fact that it only works against old Windows systems shows that it is specifically directed against civilian infrastructure, such as public sector networks that are often administered cheaply, by overworked and less qualified information technology professionals, on obsolete hardware, with software that won't run on Windows 10.
But with Microsoft making an exception this time and providing the patch free to XP users, it may come under pressure to do the same next time it issues a critical security update. The precedent may impact other software sellers too. By owning it, he was not only able to see where computers were accessing the ransomware from, but it also triggered part of the ransomware's code - a kill switch - that stopped it from spreading.
Ransomware has been an irritation for more than a decade, but only in the last few years has it become a real problem.
Call it a "hack" or an "attack" or what you will, the WannaCry ransom ware issue that's hitting the news is something to keep up on.
"The governments of the world should treat this attack as a wake-up call", Smith said.
The ransomware threat is particularly predominant in the country, where almost 60% of Indians use pirated software, according to a 2015 survey.
From there, it was relatively easy for only moderately sophisticated hackers to code up the WannaCry virus. This is the much-hyped Internet of Things (IoT). However, there were speculations that some banks in Kerala, Andhra Pradesh had got affected by the cyber attacks.
This is a big reason why major tech companies like Apple are sometimes hesitant to help the USA government hack their own devices or install backdoors in them: Once the government loses control of the knowledge of those security holes, they can be exploited and adapted by anyone.