A top Microsoft exec criticized at the US and other governments who hoard software exploits in the wake of the massive global infection by WannaCry ransomware as the company struggled to deal with the fallout from the hundreds of thousands of unpatched computers affected, for the first time offering free patches for older software products it long ago stopped supporting.
Cybersecurity experts say the worm affects computers using Microsoft operating systems and takes advantage of a vulnerability in the software to spread the infection.
His comments came as Computer Emergency Response Teams, or CERTs, across the globe continued to deal with the fallout from infections - a Chinese security firm said almost 30,000 enterprises there had been struck - and as a running tally of the bitcoin accounts the malware's authors were collecting ransom in showed they had garnered only about $54,000 by noon EDT Monday.
A young British cyber security expert who thwarted many attacks was hailed as a hero after he triggered a "kill switch" by buying and activating a domain that the malware had been programmed to connect infected computers to.
In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool built by the U.S. National Security Agency, that leaked online in April.
After indicating that it had seen "evidence" of attacks on Friday, the Department of Health and Human Services issued an update over the weekend warning providers that attackers were scanning the internet for Remote Desktop Protocol (RDP) servers as an entry point for the malware.
In China, the world's second-largest economy, energy giant PetroChina said payment systems at some of its petrol stations were hit, although it had been able to restore most of the systems. After "WannaCry", it released an emergency patch for older systems too.
"WannaCry" has disrupted networks in over 150 countries, including Russian Federation and the United Kingdom, and is being termed as one of the most widespread cyber attacks in history. At least 1,600 US organizations have been infected with the ransomware, including FedEx, Forbes reports. Senior security staff reportedly held another meeting in the White House Situation Room on Saturday. A temporary fix slowed the spread, but new versions of the virus have been unleashed.
Over the weekend, Qihoo reported that the ransomeware attack infected almost 30,000 groups by Saturday night.
Victims told Brian Lord, managing director of cyber and technology at cyber security firm PGI, that "the customer service provided by the criminals is 2nd to none".
"You can buy ransomware kits on the dark web, you can buy all the tool sets you need to undertake your own ransomware campaign quiet easily", he said, referring to an area of the internet often used for illegal activity.
The British government defended its cyber-security policies on Monday in the aftermath of an unprecedented malware attack. Experts are urging all organizations to update their software.
Material from Reuters was used in this report.