Who Should be Responsible for Ransomware Attacks

July 4, 2017

Who should be responsible for ransomware attacks? The cyber criminals, NSA, Microsoft, the victims themselves or cyber security companies?

Ransomware Attacks that Have Ocurrend Recently

In the last two months, there broke out two major ransomware attacks, WannaCry and Petya. On May 12th, WannaCry attacked the National Health Service (NHS) system and hacked its large amount of data requiring ransom for $300 in Bitcoins. Then, the ramsomware started spreading out at an astonishing speed all around the world before it was stopped by a 22 year old IT guy accidently.

Then, about half month later since the first sight of WannaCry, there came into being another ransomware called Petya which was embedded in a software updating system built into an accounting program that companies working with the Ukrainian government need to use. Petya also encrypt user data and blackmail for $300 Bitcoins.


What worth to be mentioned is that both ransomware exploit the Windows vulnerability EternalBlue which was found by NSA (American National Security Agency) and leaked out by a hacker group called Shadow Brokers when they hacked into NSA center.

After WannaCry broke out, many researchers working in cyber security worked hardly to find out how ransomware WannaCry works and how to avoid it. Finally, they found the Windows MS17-010 vulnerability was made use by the hackers. Actually, Microsoft had released patch of this vulnerability two months earlier on March 14. Users who had updated this patch are secure from WannaCry; the victims are those who didn’t get updated. Thus, professionals suggested computer users who haven’t been infected by virus to update Windows and other computer programs to the very latest version. Maybe this is why the later ransomware Petya choose to seed in an update mechanism.

Great Impacts Caused by Recent Ransomware

For WannaCry, began on May 12, and within a day, it was reported to have infected more than 230,000 computers in over 150 countries globally. Companies affected by ransomware are UK NHS, Spanish telecoms giant Telefonica, Germany’s Deutsche Bahn rail network, South American Latam airlines, transportation delivery FedEx, European and Japan car factories (Renault, Nissan, Hitachi, etc.) to name a few. It is said that schools, national power company, hospitals and businesses were hit by ransomware in Taiwan; a business company paid $1000 in Bitcoin to decrypt files held hostage by WannaCry.

Cyberattack Map

As for ransomware Petya, its victims including: besides state power utilities, government, banks, etc. in Ukrainian, there are also advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping & transport firm Maersk. More further victims to be confirmed.

For both WannaCry and Petya, great damage has been created physically and psychologically: Countless data get lost; public service system get paralyzed, secret documents are leaked, etc.

Why Ransomware Can Infect So Many Computers?

On the one hand, from ransomware itself, it has good mechanisms. First of all, both WannaCry and Petya pick Windows users (which is a large base) as targets and exploit Windows flaws – EternalBlue to achieve attacks. Thus, Windows systems with such flaws are vulnerable to be infected, especially businesses and large organizations that use a Windows tool that enables file-sharing. Once one computer been infected, the malicious software will quickly spread to other machines within LAN through file sharing service even without luring users to do any further operations.

On the other hand, from victims’ perspective of view, out of date OSes can’t defend themselves from ransomware attacks. There were millions of computers which were running vulnerable systems before WannaCry broke out; there were still large amount of old operating systems after WannaCry attack and before Petya infection; and in a great chance that there are still some machines which haven’t install the Windows EternalBlue vulnerability patch yet.

Ransomware Infects Many Computers

It is because of the lack of security awareness of computer users that enables ransomware to cause such a great loss. Most people are reluctant to change, change lifestyle, change residence, change OS and change old version to new version. Some are due to habit while others due to financial obstructions. Especially for large companies or organizations, to upgrade computer systems of the whole group costs much.

In 2015, the U.S. military was paying $9 million a year to use Windows XP. The outdated XP also powers Britain’s nuclear submarines. UK’s government can save roughly 5.5 million pounds for not renewing a custom support agreement for its large installed base of Windows XP PCs. Typical IT departments don’t have the money to invest in infrastructure improvements as a strategic bulwark against precisely this sort of ransomware attack...

Or, the installed old Windows system can’t be changed to advanced versions due to some reasons. While, Microsoft had stopped support for old operating systems like Win XP (in 2014).

Who Should be Responsible for Ransomware Attacks?

Since great damage has been caused by the recent ransomware infections, then who should be responsible for ransomware attacks?

The Criminals

Directly, we will think about the hackers who created the ransomware bear responsibility for ransomware attacks. They surely are.

Ransomware Hacker

For WannaCry, a hacker organization called Lazarus Group which was related to North Korean is suspected for creating WannaCry. Kaspersky, Symantec and Google all mentioned the similar code between WannaCry and former tools made by Lazarus. However, this is all tentative and too early to say with any confirmation.

For Petya, there haven’t been spoken of any suspects.


It is said that Microsoft was to be blame for the ransomware attacks due to Windows system vulnerability makes ransomware successfully get on user computers. Though Microsoft had released patch before ransomware breaks out, it is too close to the ransomware attack that only a part of users got installed. Still, Microsoft stopped support for old Windows system like XP in 2014 while ransomware victims are most Win XP users.

However, Microsoft's president and chief legal officer, Brad Smith criticized the US government for the massive ransomware cyber attack for that the malware made use of a software exploited (Windows vulnerability EternalBlue) developed by the NSA. “Governments of the world should treat this attack as a wake-up call.”

American’s National Security Agency (NSA)

It is the Windows vulnerability EternalBlue found by NSA that was exploited by the hackers to create ransomware. So, NSA should also be responsible for ransomware attacks. Or, the hacker ogranization Shadow Group who hacked into NSA center and leaked EternalBlue and other NSA cyber weapons bears responsibility for ransomware attacks.

NSA Hacking Windows

The Victims Themselves

Anyhow, your computer is under your own control. Have no security awareness and leave it out of date is doomed to suffer ransomware infection soon or later. How to prevent ransomware attacks >>

Cyber Security Companies

Those companies boast to guard your computer from any virus including ransomware. However, they have even failed to detect them. So, they are to blame for ransomware attacks or their exaggerated words.


No matter who should be responsible for ransomware attacks or all of them should, what we need to do is to do whatever we can. Besides keep Windows operating system and other programs up to date, we also should backup important data in case of restore them back after original ones get lost; and stay away from suspicious links, websites and emails, etc.