The attacks stem from a collection of vulnerabilities collected by the NSA, which collected vulnerabilities and created tools to use the exploits for espionage and cyber attack purposes. The vulnerabilities and the tools were released by a hacking group known as the Shadow Brokers.
In a blog post that appeared on Sunday, Brad Smith, Microsoft’s president appears to have tacitly acknowledged what appears to be an open secret: the ransomeware cyberattack is leveraging a tool built by the NSA, which was leaked online earlier in April.
Microsoft has squarely pinned the blame on the U.S. government for not disclosing vulnerabilities the NSA exploited with its tools.
The WannaCry “ransomware” has locked more than 200,000 computers across 150 countries. Although the spate of attacks have reduced, experts fear this is in preparation for new versions of the worm being readied for strikes.
“This is an emerging pattern in 2017,” wrote Smith. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”
With the post, Smith has fuelled the long-running debate over how government intelligence services should balance their desire to keep software vulnerabilities secret, for cyber war and espionage purposes, against the option of sharing them with technological companies so as to patch them up and better secure the internet.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” wrote Smith. Governments around the world should “treat this attack as a wake-up call” and “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
The economic costs of the ransomware attack has attracted different opinions from experts who differ on the impact of the cost the attack on businesses and governments.
As per the U.S. Cyber Consequences Unit, a non-profit research institute, the estimated total losses ranges in the hundreds of millions of dollars not exceeding $1 billion.
Cyence, a California-based cyber risk modeling company, has placed the total economic damage at $4 billion, citing costs associated with businesses interruption.
On Friday, U.S. President Donald Trump had ordered Tom Bossert, his homeland security adviser, to convene an “emergency meeting” to assess the threat posed by the global attack, said a senior administration official on the condition of anonymity.
The source went on to add, senior U.S. security officials had held a meeting in the White House’s Situation Room, on Saturday.
The FBI and the NSA were collaborating to help mitigate the damage and identify the perpetrators of the massive cyberattack.
Although the investigation into the attacks were in their early stages, attributing them to a group or country is notoriously tough.
On Friday, the impact of the original attack was greatly dampened thanks to a security researcher who managed to take control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks.
In April, Microsoft had issued a patch which fixes a vulnerability that allows a worm to spread across networks, a feature which allowed infections to surge on Friday.
The code for that vulnerability, known as “Eternal Blue,” was released on the net by a hacking group known as the Shadow Brokers.
Devices running outdated systems were mostly the victims of the attacks. In many cases, outdated devices used by the manufacturers and in hospitals, were more difficult to patch since it would result in disrupting crucial operations, said security experts.
On Sunday, the head of the European Union’s police agency stated the cyberattack had so far affected 200,000 systems across 150 countries. This number is likely to grow once people return to work on Monday.
“Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.