Reports indicate that months ago the National Security Agency first uncovered a vulnerability in Microsoft's Windows operating system using a hacking tool that, ironically, was then released on the Internet by hackers.
The attackers have also only made around $50,000 in ransom demands so far, indicating that the vast majority of victims simply aren't paying up. Microsoft had issued a patch on March 14, but many computers hadn't run the update.
Smith said the attack provided graphic evidence about "the degree to which cybersecurity has become a shared responsibility between tech companies and customers". But Smith didn't stop there.
But some other technology industry executives said privately that it reflected a widely held view in Silicon Valley that the U.S. government is too willing to jeopardize internet security in order to preserve offensive cyber capabilities. "This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem". The ransomware works by exploiting a Windows vulnerability that the U.S. National Security Agency may have used for spying.
It's hard to blame Microsoft, Litan said, since it issued fixes and generally did what it should. When do such tools enhance security, and when do they weaken it by exposing citizens, companies and national organisations to the very dangers they are supposed to protect against? "But the fact is that many or most of those affected by WannaCrypt had the chance to secure their systems and failed to do so".
"Customers have to take at least a little responsibility for their own security", said Olds. But not everyone is prompt or has the access to update their systems, leading to untold vulnerable computers around the world. "Many of these same folks are running systems with outdated operating system versions".
"By failing to support older versions of its operating system, the IT company provided the hackers that stole the NSA's IT Tomahawk Missile the opportunity they needed", wrote The Independent, while The Inquirer voiced similar concerns in an article titled "Microsoft, it's not just the NSA".
"Hopefully people are learning how important it is to apply these patches", said Darien Huss, a senior security research engineer for cybersecurity firm Proofpoint, who helped stem the reach of the weekend attack. Even if the email comes from someone you know, don't open the attachment, as cybercriminals can "spoof" email addresses or hijack other people's email accounts. "They must also enable automatic updates in their computer or laptop systems", added Yadav.
Rob Enderle, principal analyst with Enderle Group, agreed.
Is it time for the world to come together and avoid these wide-scale cyber attacks the same way nations came together to avoid major global conflicts? When the NSA and other intelligence agencies discover flaws in Windows code, how often should the NSA keep that secret to hack targets, for instance, and what obligation does it owe to Microsoft? That's real life. And the NSA doesn't seem to have told Microsoft how serious the vulnerability was, as Microsoft did not highlight the patch as critical.
Ultimately, "Microsoft will take a lot of heat for this, but in this instance, they performed as rapidly as they could, they have a right to be [angry]".
The WannaCry cyber attack compromised Russian banks' systems in some isolated cases, the Russian central bank said on Friday, in the first official acknowledgement by Moscow that the attack had an impact on the banking system. Computers with Windows 10 are not at risk.