Who Is Responsible for the WannaCry Attack?

On May 12, 2017, what is believed to be the largest ransomware attack in history occurred on the internet.

A global search is heating up trying to locate those who are responsible for the attack.

While this search is occurring, there is also a question of how much blame for the attack should be placed on Microsoft. This is because the WannaCry attack took advantage of a weakness that was already existing in the Microsoft operating systems.

The President and Chief Legal officer of Microsoft, Brad Smith, posted a blog post discussing issues regarding this cyberattack. The post emphasized how they had already released a security update in March to protect against the vulnerability that the WannaCry software took advantage of, but that many computers did not or were unable to update their systems. He also discussed how cybersecurity should be a responsibility that is shared with the customers using the technology products and the technology companies that create those products. In his blog post, Mr. Smith also took the time to shift some of the blame to the United States Government because the ransomware that was used in this attack was one that was being kept by the NSA and was stolen from the government agency.

For those with older computer systems such as, Windows XP, there was no option for them to update their systems to be protected against this ransomware because Microsoft no longer supports that operating system. After the WannaCry attack, Microsoft took what they are calling an unusual step and provided a security update to those who were in Windows platforms that are no longer being updated. This security update is being provided to those with Windows XP, Windows 8, and Windows Server 2003. Windows 10 was not included because Microsoft stated they were not the ones who were being targeted by the attack. Previously those with the outdated computer software were only able to receive support from Microsoft if they paid for customer support.

It seems that some experts believe that Microsoft shouldn’t simply abandon these older computer systems and has a responsibility to ensure those computers are protected. Other experts believe that Microsoft has no duty to support or update its software indefinitely. These experts instead believe that this encourages people to update their software in order to get the most protection.

The current estimate is that there are 200,000 victims of the recent cyberattack. Because this attack was spread throughout many different countries, this means that we will likely need some collaboration between different governments if we want a chance at catching the culprits. The regions that were most impacted by this attack were Europe and Asia.

Trying to catch a cybercriminal is similar to trying to catch an ordinary criminal in that you need to identify, track, and locate the criminals.  In this case, law enforcement agencies are trying to look at the emails and networks servers to see if there are any hidden clues. The emails sent containing the phishing email is the main evidence that is being used to try and discover who was behind this cyberattack.

At our law firm, we assist clients with legal issues related to online privacy, cybersecurity, and e-commerce transactions.  Please contact us to set up an initial consultation.