Not surprisingly, government officials say it is not entirely their fault. They will not confirm or deny what Mr. Smith says outright: That these “vulnerabilities” come out of America’s growing cyberarsenal. At a news conference at the White House on Monday, Thomas Bossert, President Trump’s Homeland Security adviser, told reporters, “This was not an exploit developed by the N.S.A. to hold organizations ransom,” he said. “This was a vulnerability exploit that was part of a much larger tool put together by the culpable parties.”

“The provenance of the underlying vulnerability is not of as much concern to me,” Mr. Bossert said, stepping around the delicate question of the N.S.A.’s role.

The weapons used in the attacks that started Friday, government officials insist, were cobbled together from many sources. And the fault, they argue, lies with whoever turned them into weapons — or maybe with Microsoft itself, for not having a system in place to make sure that when they issue a patch that neutralizes such attacks, everyone around the world takes the time to fix their systems. Or with the victims, who failed to run their security updates made available two months ago, or who continue to use so-called “legacy” software that Microsoft no longer supports.

When asked about the source of the attack, Mr. Bossert said on Monday, “We don’t know.” He told reporters at the White House. “Attribution can be difficult. I don’t want to say we have no clues. But I stand assured that the best and brightest are working on this hack.”

As Mr. Bossert was speaking to reporters, yet another N.S.A. hacking tool, very similar to the one used in the weekend’s ransomware attacks, was being retrofitted by cybercriminals and put up for sale on the underground dark web. In private hacking forums, cybercriminals were discussing how to develop more than a dozen other N.S.A. hacking tools for criminal use.

Another round of attacks using the N.S.A. tools could well affect another big issue that the Obama administration debated and never resolved when it left office: whether the government can demand that all companies assure that investigators can “unlock” encrypted communications. Before he was fired last week, James B. Comey, the F.B.I. director, often complained that the government was “going dark,” and that intelligence agencies and local police departments needed a way to crack the encrypted mobile conversations of terrorists or kidnappers.