MICROSOFT’S CYBER NEGLIGENCE: SENATOR CALLS FOR FTC INVESTIGATION AFTER ASCENSION RANSOMWARE COLLAPSE

Day

–:–

Post Activated

Scroll down to press Like

Threat Summary

Category: Healthcare Infrastructure Cyberattack
Features: Ransomware breach, RC4 encryption negligence, Kerberoasting exploitation, systemic Microsoft dominance
Delivery Method: Malicious link via Bing search → malware foothold → Kerberoasting on Active Directory → ransomware deployment
Threat Actor: Black Basta ransomware group (attributed, no public claim)

The 2024 ransomware attack against Ascension Health, one of the largest Catholic healthcare providers in the United States, has reignited the debate over Microsoft’s systemic failures in cybersecurity. Senator Ron Wyden (D-Ore.) has demanded that the Federal Trade Commission (FTC) investigate Microsoft’s role, accusing the company of “gross negligence” for continuing to support outdated encryption standards that left critical infrastructure open to compromise.

The attackers gained initial access after a contractor clicked a malicious Bing search result, enabling malware to spread inside Ascension’s network. From there, the hackers launched a Kerberoasting attack on Microsoft Active Directory to crack privileged account passwords, eventually detonating ransomware across 140 hospitals in 19 states.

The fallout was catastrophic:

Nearly 6 million patients’ healthcare and financial data was exposed.
Ambulances were diverted, and non-emergency surgeries were canceled.
Staff were forced to rely on Google Docs and handwritten notes to track medication doses and prescriptions.
At Detroit’s Ascension St. John Hospital, nurses reported four-hour delays on head CT scans for stroke patients, describing conditions that placed lives directly at risk.

This was not a one-off. It was the predictable result of Microsoft’s default insecurity, and it has triggered calls for accountability that TRJ fully agrees must now be answered.

Infrastructure at Risk

Outdated RC4 Encryption: Microsoft’s continued support for RC4, an algorithm dating back to the 1980s, provided hackers with the exact conditions needed to carry out Kerberoasting attacks. Wyden emphasized that even Microsoft’s own researchers have warned for years that RC4 is unsafe.
Active Directory Weakness: Because AES encryption is not required by default, most organizations never reconfigure their systems, leaving administrator accounts crackable with relative ease.
Healthcare Dependency: Ascension’s network collapse revealed how deeply American hospitals rely on Microsoft’s infrastructure. Nurses and doctors could not access electronic health records, leaving patients exposed to dangerous delays in diagnosis and treatment.

Policy / Allied Pressure

Wyden’s letter charges Microsoft with “arming arsonists, then selling fire extinguishers.” He points out that Microsoft has:

Downplayed warnings about Kerberoasting by relegating security advisories to obscure blog posts.
Failed to notify customers directly that their systems remained vulnerable unless settings were manually changed.
Profited from selling add-on security services to protect the very systems that its weak defaults exposed in the first place.

He further argued that Microsoft’s near-monopoly on enterprise IT leaves organizations with no practical alternatives, even after massive breaches. Government agencies, nonprofits, and healthcare systems alike remain locked into insecure defaults.

Microsoft’s defense — that RC4 traffic represents less than 0.1% of usage and will eventually be disabled by 2026 — has done little to satisfy critics. For victims, that timeline is too late.

Vendor Defense / Reliance

Microsoft has promised:

RC4 will be disabled by default in new Active Directory installations by Q1 2026.
Guidance for administrators will be released with updates.
Stronger warnings will be provided against legacy encryption use.

But Wyden and TRJ argue these commitments are performative half-measures, designed to protect Microsoft’s market position rather than its customers. The reality: Microsoft knowingly left a dangerous default in place, and it took a ransomware disaster to force movement.

Forecast — 30 Days

FTC Pressure: If Wyden’s request gains traction, the FTC could launch an investigation into whether Microsoft’s defaults constitute unfair or deceptive business practices.
Healthcare Fallout: Ascension’s pending class-action lawsuits in Texas, Illinois, and Tennessee could drive a wave of similar litigation against healthcare systems reliant on Microsoft.
Industry Scrutiny: Other sectors that depend on Active Directory — including finance, education, and logistics — may face renewed audits and pressure to harden default encryption.
Threat Actor Watch: Black Basta remains the leading suspect in the Ascension attack. Expect continued targeting of healthcare networks, as ransomware groups exploit default weaknesses and outdated standards before Microsoft’s fixes arrive.
Government Response: Lawmakers may push legislation requiring mandatory secure defaults in enterprise software — a move that would strike directly at Microsoft’s current “opt-in” security model.

TRJ Verdict

Microsoft’s response reveals a pattern we’ve documented repeatedly: profits first, security second, customers last. By leaving insecure 1980s-era encryption enabled by default, Microsoft effectively handed ransomware gangs the keys to hospitals, patient data, and life-critical systems.

The defense that “customers could have configured it differently” rings hollow — because Microsoft knows most organizations cannot afford dedicated security teams to reconfigure defaults. The monopoly ensures adoption, the defaults ensure exposure, and the breaches ensure new revenue streams for Microsoft’s cybersecurity add-ons.

TRJ stands firmly with Senator Wyden: the FTC must investigate. When a near-monopoly vendor’s negligence contributes directly to patients waiting hours for stroke treatment, that is no longer a technical misstep — it is systemic failure with life-and-death consequences.

Spying Eye Animation — Blue & Black Info Warfare

🔥 NOW AVAILABLE! 🔥

📖 INK & FIRE: BOOK 1 📖

A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed.

🔥 Kindle Edition 👉 https://a.co/d/9EoGKzh
🔥 Paperback 👉 https://a.co/d/9EoGKzh
🔥 Hardcover Edition 👉 https://a.co/d/0ITmDIB

🔥 NOW AVAILABLE! 🔥

📖 INK & FIRE: BOOK 2 📖

A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed just like the first one.

🔥 Kindle Edition 👉 https://a.co/d/1xlx7J2
🔥 Paperback 👉 https://a.co/d/a7vFHN6
🔥 Hardcover Edition 👉 https://a.co/d/efhu1ON

Get your copy today and experience poetry like never before. #InkAndFire #PoetryUnleashed #FuelTheFire

🚨 NOW AVAILABLE! 🚨

📖 THE INEVITABLE: THE DAWN OF A NEW ERA 📖

A powerful, eye-opening read that challenges the status quo and explores the future unfolding before us. Dive into a journey of truth, change, and the forces shaping our world.

🔥 Kindle Edition 👉 https://a.co/d/0FzX6MH
🔥 Paperback 👉 https://a.co/d/2IsxLof
🔥 Hardcover Edition 👉 https://a.co/d/bz01raP

Get your copy today and be part of the new era. #TheInevitable #TruthUnveiled #NewEra

🚀 NOW AVAILABLE! 🚀
📖 THE FORGOTTEN OUTPOST 📖
The Cold War Moon Base They Swore Never Existed

What if the moon landing was just the cover story?

Dive into the boldest investigation The Realist Juggernaut has ever published—featuring declassified files, ghost missions, whistleblower testimony, and black-budget secrets buried in lunar dust.

🔥 Kindle Edition 👉 https://a.co/d/2Mu03Iu
🛸 Paperback Coming Soon

Discover the base they never wanted you to find. TheForgottenOutpost #RealistJuggernaut #MoonBaseTruth #ColdWarSecrets #Declassified

Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!

https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a

Back to Blog

Comments (3) on “MICROSOFT’S CYBER NEGLIGENCE: SENATOR CALLS FOR FTC INVESTIGATION AFTER ASCENSION RANSOMWARE COLLAPSE”

Chris says:

September 11, 2025 at 9:29 pm

This pattern that you’ve documented repeatedly: profits first, security second, customers last, is inexcusable. Microsoft can certainly afford to try and correct, to whatever degree they can, this default that Microsoft knowingly left a dangerous place. Your comment that it is “it is systemic failure with life-and-death consequences” should be enough for anyone with any decency to try and halt what is happening and to attempt to stop any further breaches.
Thank you for the article, John.

Loading...

1. John Neff says:
  
  September 12, 2025 at 1:49 am
  
  You’re exactly right, Chris — that pattern is undeniable: profits come first, security gets sidelined, and customers are left exposed. Microsoft has the resources to correct these failures, yet they’ve normalized risk and left the public to pay the price — even when it means life-and-death consequences.
  
  You said it well: it’s inexcusable. Until accountability outweighs profit, the cycle won’t end.
  
  Thank you very much, Chris — God bless you and yours, and I hope you have a great day ahead. 😎
  
  Loading...
  
  1. Chris says:
    
    September 12, 2025 at 7:41 pm
    
    You’re welcome, John, and thank you for the reply. May God bless you and yours as well!
    
    Loading...