* Senator's letter to FTC chairman cites ransomware attacks against infrastructure, health care organizations
* Senator compares Microsoft (MSFT) to 'arsonist selling firefighting services to their victims'
* Ransomware attack on hospital operator exposed data of more than 5 million people, Senator says
By AJ Vicens
Sept 10 (Reuters) - U.S. Democratic Senator Ron Wyden on Wednesday requested the Federal Trade Commission "investigate and hold Microsoft responsible" for its role in a string of high-profile cybersecurity incidents in recent years, saying the company's approach to security "continues to threaten U.S. national security."
Wyden wrote in a September 10 letter to FTC Chairman Andrew Ferguson that the tech giant's "gross cybersecurity negligence" has resulted in ransomware attacks against critical infrastructure, including U.S. health care organizations, at least in part due to default configurations in the Windows operating system.
"At this point, Microsoft has become like an arsonist selling firefighting services to their victims," Wyden wrote, and government agencies and other companies have "no choice" but to use the company's products due to its "near-monopoly over enterprise IT."
An FTC spokesperson acknowledged that the agency had
received the letter but declined to comment further.
Wyden said a prime example was the May 2024 ransomware attack on hospital operator Ascension, which according to the company exposed private medical and insurance data of nearly 5.6 million people.
Wyden wrote that the hospital operator told his staff that a contractor using an Ascension laptop clicked on a malicious link served up by Microsoft's Bing search engine, which then allowed the hackers to gain access to the company's network and ultimately the organization's Microsoft Active Directory server, which is used to manage user accounts.
Microsoft's support for outdated encryption technology and default configuration settings set up by Microsoft allowed for the attack approach in the Ascension case, according to Wyden, and Microsoft has not done enough to educate companies about how to mitigate the threat.
A Microsoft spokesperson said Wednesday that RC4, the encryption standard referenced by Wyden, is old and makes up "less than .1% of our traffic," and that the company discourages customers from using it.
"However, disabling its use completely would break many
customer systems," the spokesperson said, and the company is
gradually reducing the extent to which customers can use it
while trying to provide warnings and guidance on the safest way
to use it.
RC4 will be disabled by default in certain Windows products
starting the first quarter of 2026, and the company will include
"additional mitigations" for existing deployments, the
spokesperson said.
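The article does not say where in Windows the RC4 default lives; in Active Directory the relevant per-account setting is the Kerberos attribute msDS-SupportedEncryptionTypes, a bitmask that advertises which encryption types an account accepts. The following is an added example, not code from Reuters, Wyden's letter or Microsoft: it decodes that bitmask and lists accounts that still permit RC4 or leave the choice to the domain controller's default, which is the inventory a defender needs before turning RC4 off ahead of the 2026 default change. The bit values are Microsoft's documented ones; the account records are constructed.

```python
# Added example (not from the article): decode the Active Directory attribute
# msDS-SupportedEncryptionTypes and flag accounts that still permit RC4.
# The sample records below are constructed for illustration.

# Bit values of msDS-SupportedEncryptionTypes as documented by Microsoft.
ENC_TYPES = {
    0x01: "DES-CBC-CRC",
    0x02: "DES-CBC-MD5",
    0x04: "RC4-HMAC",
    0x08: "AES128-CTS-HMAC-SHA1-96",
    0x10: "AES256-CTS-HMAC-SHA1-96",
}
WEAK_BITS = 0x01 | 0x02 | 0x04   # DES and RC4
AES_BITS = 0x08 | 0x10


def decode_enc_types(value):
    """Return the names of the encryption types enabled in a bitmask.

    None means the attribute is not set on the account; the domain
    controller then applies its own default, which on long-standing
    deployments has commonly included RC4 (assumption stated in lead-in).
    """
    if value is None:
        return []
    return [name for bit, name in ENC_TYPES.items() if value & bit]


def classify(value):
    """Classify an account's bitmask for migration planning."""
    if value is None:
        return "unset"
    if value & WEAK_BITS and value & AES_BITS:
        return "mixed"      # AES available, but RC4/DES still negotiable
    if value & WEAK_BITS:
        return "weak-only"  # will break when RC4 is disabled
    if value & AES_BITS:
        return "aes-only"
    return "none"


def find_rc4_exposure(accounts):
    """accounts: iterable of (sAMAccountName, bitmask or None).

    Returns (name, classification, enabled types) for every account that
    either permits RC4 outright or defers to the DC default.
    """
    findings = []
    for name, value in accounts:
        cls = classify(value)
        if cls in ("unset", "mixed", "weak-only"):
            findings.append((name, cls, decode_enc_types(value)))
    return findings


# Constructed sample: what an LDAP export of the attribute might look like.
SAMPLE_ACCOUNTS = [
    ("svc-backup", 0x04),   # RC4 only, typical of an old service account
    ("svc-sql", 0x1C),      # RC4 + AES128 + AES256
    ("web01$", 0x18),       # AES only, unaffected by an RC4 cut-off
    ("legacy-app", None),   # attribute never set
]

if __name__ == "__main__":
    for name, cls, types in find_rc4_exposure(SAMPLE_ACCOUNTS):
        print(f"{name}: {cls} {types}")
```

In a real run the account list would come from an LDAP query of the domain; "weak-only" accounts are the ones that stop authenticating the day RC4 is disabled, "mixed" and "unset" ones keep working but still allow RC4 to be negotiated until the attribute is set to AES only.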
Wyden has previously pushed for U.S. government investigation and review of Microsoft's role in cyberattacks, including after revelations in July 2023 that Chinese-linked hackers stole thousands of U.S. officials' emails.
(Reporting by AJ Vicens in Detroit. Editing by David Gregorio )