Thousands more infections were reported with the start of the workweek, largely in Asia, which had been closed for business when the "ransomware" locked up computers Friday at hospitals, factories, government agencies, banks and other businesses.
It said his $11 purchase of the name on Friday may have saved governments and companies around the world millions, slowing its spread before USA -based computers were hit on a massive scale. The U.K.'s National Cyber Security Center said it is "working round the clock" to restore vital health services. "This group might be behind WannaCry also", Suiche said, as cited by Wired.
The attack is unique, according to Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.
The cyberattack that took computer files hostage around the world appeared to slow on Monday as authorities worked to catch the extortionists behind it - a hard task that involves searching for digital clues and following the money.
The perpetrators had raised less than $70,000 from users looking to regain access to their computers, according to Trump homeland security adviser Tom Bossert."We are not aware if payments have led to any data recovery", Bossert said, adding that no federal government systems had been affected.Some private sector cyber security experts said they were not sure if the motive of the attack was primarily to make money, noting that most large ransomware and other types of cyber extortion campaigns pull in millions of dollars of revenue."I believe that this was spread for the objective of causing as much damage as possible", said Matthew Hickey, co-founder of British cyber consulting firm Hacker House.
But with Microsoft making an exception this time and providing the patch free to XP users, it may come under pressure to do the same next time it issues a critical security update. It encrypted users' computer files and displayed a message demanding anywhere from $300 to $600 to release them; failure to pay would leave the data mangled and likely beyond fix.
"This was not a tool developed by the NSA to hold ransom data", he said, noting that no USA government systems had been hit.
Had it not been for a young cybersecurity researcher's accidental discovery of a so-called "kill switch", the malicious software likely would have spread much farther and faster that it did Friday. Railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services were also said to be affected. Other impacts in the US were not readily apparent on Saturday. Short of paying, options for these individuals and companies are to recover data files from a backup, if available, or to live without them.
The most public damage was on the country's largest movie chain. Microsoft says now it will make the fixes free for everyone. You can change the locks but what has happened cannot be undone. Its movie ticket systems were unaffected. Russia's central bank said Saturday that no incidents were "compromising the data resources" of Russian banks. This one worked because of a "perfect storm" of conditions, including a known and highly unsafe security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business or government networks.
French carmaker Renault's assembly plant in Slovenia halted production after it was targeted.
A spokesman for NHS Digital said: "Our understanding is that if that had been acted on it would have prevented (the malware attack)".
WannaCry paralyzed computers running mostly older versions of Microsoft Windows in some 150 countries.
The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.
"This is a global attack", he added.
The attack hobbled operations at Russia's Interior Ministry, Spanish telecommunications giant Telefónica and Britain's National Health Service. IF Odd, a 132-year-old Norwegian soccer club, saying its online ticketing facility was down.