As the massive ransomware attack spread like wildfire across hundreds of countries over the weekend, experts estimated that the ransomware, dubbed WannaCrypt or WannaCry, infected over 100,000 computers in nearly 150 countries. Security researchers said the ransomware was built on code from NSA malware strains that were recently leaked by the mysterious Shadow Brokers hacker group.
The sheer scope of the devastating attacks saw the infosec community work frantically to battle the aftermath. Although the spread of the attacks was stopped, experts have warned people to brace for renewed and imminent waves of attacks.
Microsoft quickly issued patches to protect and defend its users against WannaCry. On Sunday (14 May), Microsoft president Brad Smith slammed the NSA and the US government, warning of the dangers of stockpiling cyberweapons.
"The governments of the world should treat this attack as a wake-up call," Smith said. "This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.
"This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen."
Microsoft lauded by Infosec community
"The US government clearly had its priorities wrong. These weapons should be properly secured. Imagine if someone had lost a nuclear weapon, heads would have rolled," Phillip Hallam-Baker, principal scientist, global cybersecurity firm Comodo, told IBTimes UK.
Security experts have hailed Microsoft's decision to publicly call out the US government and the NSA for stockpiling cyberweapons. Experts, including whistleblower Edward Snowden, took to Twitter to laud Microsoft for its quick response and its censuring of the NSA.
"We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits," Smith said, adding that such instances drove Microsoft to call for a "Digital Geneva Convention" in February, which would force governments to "report vulnerabilities to vendors, rather than stockpile, sell, or exploit them".