Microsoft’s top lawyer has called on governments around the world to treat the international cyber attack as a “wake-up call” as he laid part of the blame at the door of the US administration.
Brad Smith, the technology firm’s president and chief legal officer, criticised US intelligence agencies the CIA and the National Security Agency (NSA) for “stockpiling” software code which could be exploited by hackers.
Smith said the “ransomware” attacks had used data stolen from the NSA earlier this year – which contained information on software vulnerabilities the government had hoped to hoard – and subsequently leaked them online.
In a blog post, he said: “An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.
“And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today – nation-state action and organised criminal action.”
It comes after more than 200,000 victims in around 150 countries were infected by the ransomware which originated in the UK and Spain on Friday before spreading around the world.
The attack, known as “WannaCry” had a major impact across Asia as workers there returned to work on Monday, with Chinese state media saying almost 30,000 institutions there had been infected.
Chinese authorities from traffic police to industry regulators said the spread of the WannaCry worm appeared less aggressive than initially feared.
Dozens of local Chinese authorities said they had suspended some of their services due to the attack that has disrupted operations at car factories, hospitals, shops and schools around the world.
“The growth rate of infected institutions on Monday has slowed significantly compared to the previous two days,” said Chinese Internet security company Qihoo 360.
The Indonesian government urged companies to update their systems on Monday after two hospitals in Jakarta were hit by the ransomware.
Britain’s NHS was one of many major global organisations affected, with 47 trusts hit.
Seven trusts, including St Barts in London and the York Teaching Hospitals NHS Trust, have experienced serious problems and require “extra support”.
But Health Secretary Jeremy Hunt failed to address the NHS attack when he was approached by BBC reporters on Monday.
Problems with cyber security in NHS organisations were highlighted last year by Dame Fiona Caldicott, the national data guardian, who warned that issues were given insufficient priority and that health bodies persisted in using obsolete computer systems, The Times said.
The BBC quoted analysts as saying organisations and businesses in Britain had paid some $US38,000 ($A51,342) to cyber criminals for the decryption of files since Friday.