Microsoft blames USA stockpiled vulnerability for ransomware attack

"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage". In Britain, whose health service was among the first high-profile targets of the online extortion scheme, Health Secretary Jeremy Hunt said "we have not seen a second wave of attacks". "You're only safe if you patch ASAP", wrote the researcher on Twitter.

Here are some of the key players in the attack and what may — or may not — be their fault.

As a loose global network of cybersecurity experts fought the ransomware hackers, Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices. So it makes sense to assign some responsibility to the NSA — the attackers didn't come up with this security hole on their own, after all.

The government is not legally bound to notify at-risk companies.

Computers around the globe were hacked beginning on Friday using a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream tech support by the U.S. giant.

"An equivalent scenario with conventional weapons would be the USA military having some of its Tomahawk missiles stolen". One month earlier, Microsoft had released a patch targeting the vulnerability.

Organizations and networks worldwide have since Friday been dealing with the fallout of massive ransomware attack that exploited a hole in PCs running Microsoft Windows that haven't been updated.

The company on Friday said it had added additional protection against the specific malware, and was working with affected customers.

Still, it was Microsoft that wrote the exploitable software to begin with.

Microsoft rolled out over the weekend a patch for Windows XP, Windows Server 2003 and Windows 8, which are operating systems for which it no longer provides mainstream support.

Brad Smith, Microsoft's president and chief legal officer, said yesterday in a blog post that his company, its customers and the government all share the blame, the report said. He noted, however, the complexity that can be involved in patching a security hole.

Security experts said his move bought precious time for organizations seeking to block the attacks.

England's National Health Service said 47 organisations providing care had been hit and on Sunday afternoon seven hospitals were continuing to divert patients from the emergency room.

Tom Bossert, a homeland security adviser to President Donald Trump, said "criminals" were responsible, not the USA government. Backups often are also out of date and missing critical information. "If someone kidnaps your child, you may pay your ransom but there is no guarantee your child will return".

Michael Mitchell, spokesman for Oreo cookie maker Mondelez International, said the company is not aware of any incidents from the attack, though it did alert employees.

There were 2,13,000 infected machines in 112 countries as of 1000 GMT on Monday, according to Czech security firm Avast, making it one of the largest coordinated attacks to hit computers across the world.

As a loose global network of cybersecurity experts fought the ransomware, the attack was disrupting computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others.

The Reserve Bank of India (RBI) also asked all banks to put in place a software update at ATMs to prevent their systems from a malware that has attacked payment systems across the world.

So far only a few victims of the attack appeared to have paid, based on publicly available bitcoin accounts on the web, where victims have been instructed to pay. If they caught, that is.