Microsoft blames US stockpiled vulnerability for ransomware attack
Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments.
Referring to the attack as a “wake-up call,” Microsoft’s President and Chief Legal Officer, Brad Smith wrote in a blog post that governments have “to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
The ransomware, also called WannaCry or Wana Decryptor, works by exploiting a vulnerability in some older versions of Windows. It has been suspected for some time now that the malware came from a cache of hacking tools reportedly stolen by hacking group Shadow Brokers from the NSA and leaked on the internet. WannaCry is said to take advantage of a NSA hacking tool, called EternalBlue, that can make it easy to hijack unpatched older Windows machines.