Tech giant slams US spy agencies for developing hacking tools that were stolen and used in the attack
Microsoft has blamed governments for the devastating cyber attack that spread through the NHS on Friday and outwards to 150 different countries.
The malicious computer worm, which exploited a vulnerability in Microsoft's Windows operating system, is believed to have been so successful because of hacking tools developed by the NSA.
Hackers grafted the NSA tools onto existing malware and let it loose on systems running outdated versions of Windows. Even though Microsoft had issued a security patch back in March, it wasn't available for the older operating systems.
Brad Smith, president and chief legal officer at Microsoft, called the attack a "wake-up call". He went on to blame the NSA, CIA and other intelligence services for not disclosing security vulnerabilities like this when they find them.
According to Smith, it's the equivalent of the US military having its own Tomahawk missiles stolen.
"We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident. This included a decision to take additional steps to assist users with older systems that are no longer supported," he wrote in a blog post.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017.
"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."
Smith points out that no computers running Windows 10 were affected by the malware.
Despite Microsoft releasing a new patch on Friday and programmer Marcus Hutchins stopping the spread of the ransomware, this isn't the end of it.
Security researchers are concerned that the malicious code can simply be rewritten to target a different vulnerability and released again.
Gavin Millard, EMEA technical director of Tenable Network Security, said: "With the ubiquity of vulnerable systems in the NHS and other organisations, and the rapid spread of the ransomware. Hopefully the time will be dramatically reduced with backups available to rebuild affected systems, if not it could take weeks for some Trusts to recover to a full service.
"It’s important that every organisation has a clear view of all systems that are vulnerable to MS17-010, the main bug targeted by WannaCry, and have a robust patching process to address quickly as I’m sure this isn't the end of the exploitation of this particularly nasty software flaw."