do you agree with the assessment over at dhs? >> i think that is probably right. when we look at attribution there is a whole host of things that we analyze. the intent is one of those things. in this particular case this appears to be traditional crimical organizations. we have seen a lot of ransom wear just in the last year although you can't rule it out without additional analysis. >> and what do you think about the fact that the u.s. was not as badly hit as some of the other countries? >> i don't think there is significance to that. a lot of the reason this has occurred is because there hasn't been adequate patching. adequate patching is typically not available in operating systems that are legacy or older and not supported. a lot of countries that were hit there is a lot of pirated software and software not on the update list. so that is indicative i think of