Alex Abdo, a staff attorney at the Knight First Amendment Institute at Columbia University, said Microsoft and other software companies have strategically settled lawsuits that could lead to court rulings weakening their licensing agreements.
The WannaCry infections were so bad that Microsoft, in a surprising move, released a patch to update old, unsupported Windows systems. But did Microsoft write the fixes months before WannaCry went public? Last week, it was set free into cyberspace to infect all the non-protected, non-updated, XP-operating computers around the world, which we now know included a considerable number of institutional and private systems.
Michael V. Hayden, director of the National Security Agency from 1999 to 2005, was once a staunch supporter of the agency, but he believes that the cyber attack "poses a very serious threat to the future of the agency".
Microsoft declined to comment for this story. Many enterprises, including hospitals and a wide range of businesses, still rely on systems running older operating systems or embedded operating systems, leaving them open to hackers and ransom attacks.
Make sure you regularly back up your data.
While Microsoft's reputation has suffered in the past because of security problems, the company's stock is barely down from the close of trading Thursday, just before reports of the ransomware. "That's what the data shows", MWR research head Pratley said. "I don't think there is one".
Shadow Brokers directly attacks Microsoft exec Brad Smith, whose name was on the company's statement, calling him a "scumbag" and questioning his company's links to the NSA. Microsoft wants a "Digital Geneva Convention" he explains, "something that would commit governments to do less hoarding of exploits and vulnerabilities, do more to work with software vendors so that we can all keep systems secure". Losses from WannaCry will also be limited as the ransomware is largely hitting organizations in Europe and Asia where fewer companies buy cyber insurance, although more companies outside the US are buying the coverage, he said.
Since then, the company has poured billions of dollars into security initiatives, employing more than 3,500 engineers dedicated to security.
As the first wave of WannaCry attacks struck computers across the world, Microsoft not only advised Windows users to patch their systems, but also upgrade their anti-virus software which acts as the first line of defence in detecting malware. Over the weekend the company took the unusual step of releasing a similar patch for Windows XP, which the company announced in 2014 it would no longer support.
The ransomware attack exploits a vulnerability in older Windows OS, including Windows 8, Windows XP and Windows Server 2003.
Dore said companies that faced disruptions because they did not run the Microsoft update or because they were using older versions of Windows could face lawsuits if they publicly touted their cyber security.
Investigators are continuing efforts to identify the culprits behind the attack with Russian security firm Kaspersky Lab observing similarities between code used in the ransomware software with hackers linked to North Korea.
"Microsoft rushed out a patch before the attack which is pretty much all they can do", said Enderle.
Despite the high profile of WannaCry, widespread malware outbreaks have become less common over the years, as Microsoft has improved the security of its systems, said Ziv Mador, vice president for security research at Trustwave, a security services firm.