Russian President Vladimir Putin took a jab at the United States for the National Security Agency's (NSA) alleged unwitting role in an international ransomware attack.
Wanna Cry, also known as WanaCrypt0r and WanaDecryptor, hit hundreds of thousands of computers worldwide over the weekend. It is based on a leaked tool taking advantage of a security flaw in Windows that appears to originate with the NSA.
"We are fully aware that the genies, in particular, those created by secret services, may harm their own authors and creators, should they be let out of the bottle," said Putin in Beijing, according to the Russian state-owned news service, Tass.
The apparent NSA leak may demonstrate that the agency holds a stockpile of previously unknown security vulnerabilities — for which no patches exist. Microsoft patched the security flaw used in Wanna Cry in March, before the code for it leaked. But dates contained in leaked files indicate it had been in use by the NSA since well before that.
Hacking groups believed to be Russian espionage operations, such as Fancy Bear and Cozy Bear, are known for using security vulnerabilities already known to the public but unlikely to have been patched on victims' computers. However, as recently as last week, two believed Russian groups used previously unknown vulnerabilities in Microsoft Office to hack political targets in NATO nations. Had those flaws been leaked rather than first discovered by researchers, they could have been used in much the same way as Wanna Cry used the NSA's wares.