Wednesday, May 17, 2017

WannaCry: What if . . . ?


You won't actually need any hard evidence to believe this, will you?  Oh, good!  I didn't think you would.

So the usual sources are blaming North Korea for the WannaCry ransomware attack, a reflex response when they can't think of anything better.  I can think of something better!  First, let's review the "facts" that have been made available.

The attack exploited a vulnerability in Windows first discovered by the NSA, then "mysteriously" leaked on the darkweb.  Microsoft promptly released a patch to block that vulnerability, which was automatically downloaded and installed on the newest version of its operating system, protecting all those who had paid for the software.  The scale of the attack was unprecedented, as was the publicity surrounding it.  Almost none of those targeted have paid the suspiciously low ransom to have their data decrypted, possibly because the scale and publicity of the attack makes it seem unlikely that the hackers ever would keep their promises to the victims.

So who's been hurt?  Well, there were those using older versions of Windows, like the British National Health Service — starved for cash under the Conservatives, and still limping along on Windows XP for want of money to pay for an update.  Then there were the vast numbers using pirated versions of Windows, especially in Russia and China, whose systems couldn't download the patch.  Also, presumably, there was a tiny fraction who had paid for the latest version of Windows but had the automatic update feature off.

Now, as they like to say in Latin, cui bono?  Who benefits from a worldwide attack, especially considering how all of the ransom money actually paid is still sitting in inactive Bitcoin wallets?  Who, perhaps, has been royally pissed off because of all the piracy of Windows software, and not terribly pleased with those who figure they don't need all the bells and whistles of Windows 10?

Microsoft had access to all the code involved; Microsoft's good customers had the patch in advance.  Just one more step is necessary: if it turns out that you can recover all your data just by buying and installing the latest version of Windows, well . . .

This conspiracy stuff is fun! 😈


No comments: