Microsoft this weekend unleashed its wrath on the National Security Agency, alleging it was responsible for the ransomware attack that began last week and has spread to thousands of corporate, government and individual computer systems around the world.

Microsoft Chief Legal Officer Brad Smith launched a blistering attack on the NSA and governments worldwide, equating the ransomware attack with the U.S. military allowing the theft of a Tomahawk missile cache.

“This is an emerging pattern in 2017,” Smith wrote Sunday in an online post. “We have seen vulnerabilities stored by the CIA show up on Wikileaks and now this vulnerability stolen from the NSA has affected customers around the world.”

The attack illustrated a “disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation state action and organized criminal action,” Smith said.

Governments should treat the attack — which has impacted more than 300,000 computers in 150 countries, according to Trump administration officials — as a wake-up call, Smith added, reiterating Microsoft’s call for a Digital Geneva Convention to govern the worldwide use of cybertools.

New Variants Popping Up

The WannaCry exploit is part of a trove of hacking tools the Shadow Brokers allegedly stole from the NSA and then leaked to the Internet. The attack mechanism is a phishing operation that encrypts files using the AES-128 cipher, and demands a ransom ranging from US$300 to $600 in bitcoins in order for the data to be released.

WannaCry has targeted computers using Windows systems, particularly legacy systems. Microsoft earlier this year issued a patch to protect computers from the malware, but in many parts of the world, users of Windows XP or Windows Vista failed to upgrade their systems or download the patch.

Microsoft issued a new patch last week, as well as a patch that would cover the legacy systems, as it stopped providing routine upgrades for them last month.

Two additional variants of the WannaCry malware were patched versions — rather than recompiled versions from the original authors — according to Ryan Kalember, senior vice president of cybersecurity at Proofpoint, which helped stop the original strain of the virus last week.

The first variant, WannaCry 2.0(a) pointed its kill switch to a different Internet…