The ransomware cyberattack known as "WannaCry" infected hundreds of thousands of computers globally on Friday, but the malware was first detected in March and publicly reported stolen from the United States National Security Agency a month later.
WannaCry is a ransomware virus that holds computers hostage until the user meets the demands. The WannaCry software infected computers operating on Microsoft and displayed messages demanding users to pay $300 in bitcoin — type of digital currency widely used online. The required payment would typically double to $600 if the first ransom wasn't paid within days and, after a week failed action, all files on the infected computer would be destroyed.
The malware paralyzed computers in factories, banks, government agencies and transport systems, hitting 200,000 victims in more than 150 countries by Monday. It also hit a "limited number" of U.S. companies over the weekend, a senior DHS official confirmed to Fox News. CERT (Computer Emergency Readiness Team) worked with the affected U.S. companies and their European partners over the weekend to get a patch to parties affected by the ransomware infection.
Though many first heard about WannaCry on Friday, Microsoft discovered it earlier this year and released a security update to patch the hole in its system on March 14, Brad Smith, Microsoft's president and chief legal officer, said in a blog post on the company site.
The virus was able to infect many systems on Friday because some users didn't install the latest security update, leaving computers vulnerable for any attack. It takes just one click on an infected link or email attachment to have the virus spread to other computers within the network.
"As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past," Smith said.
However, the harshest criticism was left for the NSA, who had the software that was responsible for the cyberattack stolen. Though the theft was publicly reported in April, Smith attacked the NSA for "hoarding these vulnerabilities" and failing to inform the tech giant and the public about the stolen malware beforehand.
"Exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen," Smith said.
Microsoft's president called on the government to apply the same rules it would to weapons in the physical world to viruses in cyberspace.
"We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits," Smith wrote.
There isn't a permanent fix for WannaCry, but Microsoft said its team has been working "around the clock since Friday to help all our customers who have been affected by this incident."
On Monday, about $38,000 were already paid to those behind the attacks, the BBC reported. The figure could climb as new infections were reported in Asia.