The attack was disrupting computers that run factories, banks, government agencies and transport systems in Russia, Ukraine, Brazil, Spain, India and Japan, among others. Consequently, Microsoft should investigate the unsafe flaw in its system. The attack used common ransomware tactics including spreading phishing emails.
Many people in fact believe someone at NSA must have tipped Microsoft that the files had been stolen, which is how it knew it needed to push out that particular patch, said Ryan Kalember of Proofpoint, a Sunnyvale, Calif.-based security firm whose researchers were instrumental in fighting the WannaCry attack.
EternalBlue exploits Microsoft's Server Message Block protocol. In a surprise move over the weekend, Microsoft released a patch for versions of Windows it no longer supports - because many businesses and organizations use legacy technology as critical infrastructure.
Computers booting up to start the workweek might continue the spread of "WannaCry", a ransomware attack where hackers lock down a computer and threaten to delete all its data unless a ransom is paid. "There is this stream of liability that flows from the ransomware attack", he said.
"One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again", MalwareTech stated in his official blog. They, too, should regularly update with software patches as they're issued.
Bkav recommends that all computer users immediately install updates, security patches and hotfixes via Windows Update.
"As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems", Mr Smith said. He noted, however, the complexity that can be involved in patching a security hole. A final fail-safe is to shut down vulnerable systems.
"Ransomware spreads easily when it encounters unpatched or outdated software", US-CERT explained.
Microsoft also blamed the US government, calling the attack a "wake-up call", and pleading with the government to "stop stockpiling tools to exploit digital vulnerabilities". Convincing, seemingly innocent messages sent to users can contain damaging code that is not only capable of infecting individual devices, but of leapfrogging onto any other connected computer sharing the same network. Phishing attacks with malicious attachments are the main way the malware ends up on corporate networks, meaning that users should be wary of opening such attachments if they seem unusual, as well as keeping all Microsoft Office applications up to date.