Since Friday, malware has infected an estimated 300,000 computers in 150 countries. Users' files at hospitals, companies and government agencies have been held for ransom.
Cybersecurity experts say the unknown hackers used a hole in Microsoft software that was discovered by the National Security Agency. The hole was exposed when NSA documents were leaked online.
Brad Smith, general counsel and executive vice president of Microsoft, laid some of the blame with the US government, criticising US intelligence agencies for "stockpiling" software code that can be used by hackers.
Tom Bossert, Trump's assistant for homeland security and counterterrorism, defended the NSA, the lead US signals intelligence agency.
"This was not a tool developed by the NSA to hold ransom data," Bossert told reporters yesterday. "This was a tool developed by culpable parties, potentially criminals or foreign nation-states."
Perpetrators put the malware together in a way to deliver it with phishing e-mails, put it into embedded documents and caused infection, encryption and locking, he said.
The official was not authorised to publicly discuss the investigation and spoke only on condition of anonymity.
Cyber experts say the tools were stolen from the Equation Group, a powerful squad of hackers which some have tied to the NSA. The tools materialised as part of an internet electronic auction set up by a group calling itself "Shadow Brokers," which promised to leak more data into the public.
"I haven't found an analyst who doesn't say it doesn't come from the NSA cache," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
The Shadow Brokers "shared that vulnerability with the world and then these criminals took advantage of it," he said.
V Miller Newton, president of PKWARE, a data protection and encryption company based in Milwaukee, Wisconsin, said leaks of purported NSA hacking tools have been coming out in dribs and drabs since August.
"Criminals or terrorists are going to try to leverage these exploits," he said. "How damaging could it be? Extremely."
"The tools are useful and they are in the hands of criminals today," Newton said. "Holy cow! The government can't protect itself from insiders?"
Analysts at the Cyber Threat Intelligence Integration Center worked throughout the weekend to keep American officials informed about classified aspects of the investigation.
"Attribution can be difficult here," Bossert said. But he added: "I don't want to say we have no clues."
"While it would be satisfying to hold accountable those responsible for this hack, something that we are working on quite seriously, the worm is in the wild, so to speak, at this point, and patching is the most important message as a result," he said.
Neither the FBI nor NSA would comment today.
If Americans follow the patching information issued by the FBI, Microsoft and the Homeland Security Department, they will be protected from the malware and the variants, Bossert said.
Some US companies, including FedEx, were affected. No federal systems have been victimised thus far, Bossert said.
Virginia Senator Mark Warner, the Senate intelligence committee's top Democrat, wrote Homeland Security Secretary John Kelly and White House budget director Mick Mulvaney yesterday asking what steps the federal government has taken to ensure federal agencies and government contractors have installed critical security updates to defend against the attack.
The office, he said, also identified cases where agencies were using software no longer supported by its vendors.
Disclaimer: No Business Standard Journalist was involved in creation of this content
