Who's at fault for the recent Wanna Cry virus: The companies affected or Microsoft/NSA?

Personally, I think it's the companies affected. This is what happens when you try and be cheap when it comes to cyber security​.

Yeah. The mistake is of the companies affected. Because they don't care about updates and that's why they faced this kind of problems in future.
But still I am very happy with Microsoft as the support for Windows XP is already over, but they still released patch for the user to get protected from this attack.

@MCCshreyas Exactly what im thinking. If a company never changed the locks on its doors, and they eventually broke, it'd be the fault of the company. The company failed to upgrade their "locks" (aka their computers lol) and it bit them in the ass.

Microsoft fucked up, but they did update users a month or so before hand if they updated. Not updating an internet facing device is your fault

The person who wrote the virus and takes ransom money is most at fault.

The one who opened the dodgy email and those who do not backup important data are also at fault.

Microsoft probably have a clause in their licence that protects them from blame.

Hm. I would not put the blame on the majority of companies. I think that most companies rely on one specific piece of software that was written for a specific operating system - functionality in a different environment is not guaranteed, therefore updating is not worth the risk. Never touch a running system / If it ain't broken, don't fix it.
Of course, this is a bad motto to live by, but modernization is probably very difficult for big companies.
I'd put the blame on the NSA for (obviously) not reporting these vulnerabilities and generally being a dick.
Also, kudos to Microsoft, because even though I don't agree with many things that they do nowadays, they did patch the vulnerability in March and also released security patches for unsupported Windows versions very quickly (which you can't take for granted).
But honestly, I don't know too much about how companies work internally – I'm just an average student so feel free to ignore my comment (seriously)

I think it's the NOBUS bullshit. Claiming that only you could ever possibly roll 6 6's in a dice roll because you have the biggest collection of dice is utter and complete bullshit. Even a person with a single dice and a shitload of luck can outroll you! Not to mention that bad people aren't above stealing your fucking dice.

This crap has been known about for YEARS, but arrogant fucking nitwits in the NSA decided that no one gets a fix until someone else takes a shit in the sandbox!

Utter! Fucking! Preventable! Bullshit!

People opening or even executing every attachment they get are to blame.. my boss once got a Ransomware in our system. When I arrived at her desk I saw she even tried to google "how to open jar file".

@spacem WannaCry is also exploitable over SMB. This requires no user interaction.