"Clearly having the vulnerability be in Microsoft software was one of the key elements", said Steve Grobman, chief technology officer of McAfee, a security company in Santa Clara, California. That's what the lawmakers and federal officials should be focusing on - not on trying to discourage consumers from using encryption on their smartphones, or on building stockpiles of malware based on vulnerabilities they alone have found.
Critics have charged the NSA with failing to notify software manufacturers of security vulnerabilities in order to maintain its intelligence-gathering capabilities against foreign computers. The outbreak was able to quickly spread across the globe because it leveraged malicious computer code that was shared by the Shadow Brokers in April and likely developed by the NSA. It asked for a ransom payment of $300 in bitcoin to unlock the computer. It is believed that 200,000 computers were affected by the ransomware.
Several European news outlets have reported that while the attacks have been widespread since they started Friday, perpetrators have only earned about $30,000 to $40,000 so far. Now, another leaked NSA tool is being used by cybercriminals to create more havoc.
In a statement earlier this week, Microsoft levelled the blame at the NSA for losing control of vulnerabilities it had uncovered but kept secret. The company added that the current situation has to be a wake-up call for governments.
For the most part, civil liberties groups are siding with Microsoft. The reality, though, is that disclosing such vulnerabilities to vendors would reduce the effectiveness of cybertools that have become an integral part of modern efforts by agencies like the NSA to fight terrorism, global criminal organizations and rogue states.
"The United States, more than probably any other country, is extremely careful with their processes about how they handle any vulnerabilities that they're aware of", Tom Bossert, the White House homeland security adviser, said at a press briefing on Monday.
Therein lies the uncomfortable irony for Microsoft. Microsoft released a patch for all of its operating systems, including those no longer supported, to fix the EternalBlue flaw.
Britain's National Health Service said about a fifth of NHS trusts, the regional bodies that run hospitals and clinics, were hit by the attack on Friday, leading to thousands of cancelled appointments and operations. The ransomware affected organizations using Windows XP, an unsupported, outdated operating system. The company rushed out a patch on Saturday, however.
Lastly, there are, of course, the attackers, who kidnapped precious data and demanded that ransom be paid. But for a host of reasons, even patching computer systems is a hard challenge.
"Hundreds of ATMs being shut down in India is recognition of the fact that the ransomware attack which is happening globally is increasingly also looking at India".
(In China, that country's love of pirated software, which typically doesn't receive updates, contributed to WannaCry's virulent spread there on Monday). "That's going to become a more common practice". Computer scientists estimate that for every 1,000 lines of code written, there will be between 15 and 50 errors.
But with Microsoft making an exception this time and providing the patch free to XP users, it may come under pressure to do the same next time it issues a critical security update.