A worldwide ransomware attack on Friday hit organizations across multiple continents, infecting FedEx and bringing down operations for at least 16 of the U.K. National Health Service's facilities.
Here are six new developments to know.
1. Security experts report the ransomware variant exploits a vulnerability discovered and developed by the U.S. National Security Agency, according to The New York Times. Shadow Brokers, a group that regularly posts stolen software and hacking tools developed by the U.S. government, released the tool online last month.
2. Microsoft created a patch for the vulnerability, according to The New York Times. However, many organizations — including hospitals — had not appropriately updated their systems.
3. Brad Smith, president and chief legal officer of Microsoft, penned a blog post on Sunday blaming the U.S. government for not working with technology companies to address software vulnerabilities.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," he wrote. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."
4. Preliminary evidence shows infections in at least 14 countries, Reuters reported Friday afternoon. Since then, security experts discovered the ransomware infected more than 200,000 computers in more than 150 countries. At least 1,600 U.S. organizations have been infected with the ransomware, including FedEx, Forbes reports.
5. Once infected, each affected organization received a similar message that requests at least $300 in bitcoin to unencrypt their files, according to Reuters. The ransomware attackers have already received roughly $32,500 in bitcoin as of 7 a.m. EDT on Sunday.
6. Security experts expected these estimates to increase Monday when people returned to work, according to CNN. However, a 22-year-old U.K. security researcher — who goes by the online name 'MalwareTech' — discovered a "kill switch" in the software's code, according to BBC.
"It was actually partly accidental," he told the BBC. The researcher noticed the ransomware contacted a single web address while infecting its targets. He decided to register it for $10.69, and "unexpectedly triggered part of the ransomware's code that told it to stop spreading," BBC reports.
While MalwareTech's fix stopped the ransomware variant from distributing to new devices, it does not fix systems already infected, according to BBC.