The British government does not yet know who was behind Friday's global cyber attack that disrupted the country's health system, Home Secretary Amber Rudd said on Saturday. Hospitals are notoriously slow in applying security fixes, in part because of how disruptive it is to take patient-facing equipment and databases offline.
Ms Rudd said: "Of the 48 that have been impacted, a lot of them are back to normal course of business". The U.K.'s National Cyber Security Center said it is "working round the clock" to restore vital health services.
Security officials in Britain urged organizations to protect themselves from ransomware by updating their security software fixes, running anti-virus software and backing up data elsewhere.
"It's an worldwide attack and a number of countries and organizations have been affected", she said.
All told, several cyber security firms said they had identified the malicious software, which so far has been responsible for tens of thousands of attacks, in more than 60 countries.
The Chinese online security company Qihoo 360 issued a warning about the virus, saying that many networks there had been hit and that some computers used to mine Bitcoin in China were among those infected.
Security experts warn there is no guarantee that access will be granted after payment. Hackers demanded victims pay a ransom that started at $300 for access to documents, photos, databases, videos and other files.
He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.
The attack was the latest in the growing menace of ransomware in which hackers deliver files to computers that automatically encrypt their data, making it unusable until a ransom is paid.
The ransomware attack is at "unprecedented level and requires global investigation", Europol, the European Union's law enforcement agency, said on Twitter.
There are different variants of what happens: Other forms of ransomware execute programs that can lock your computer entirely, only showing a message to make payment in order to log in again. Other impacts in the USA were not readily apparent on Saturday.
If your computer has been affected, there's no guarantee that paying the ransom will restore it, Gazeley said. Attack code targeting that vulnerability was released publicly by Shadow Brokers, a group that has been leaking stolen hacking tools purportedly from the NSA.
The ransomware used in the attack is called WannaCry and attacks Windows operating systems.
Krishna Chinthapalli, a doctor at Britain's National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, said many British hospitals still use Windows XP software, introduced in 2001. The state-owned oil company Petrobras and Brazil's Foreign Ministry also disconnected computers as a precautionary measure, and court systems went down, too.
Speaking at the Balmoral Show in Northern Ireland, Mrs May defended the Government's position on cyber security: "What is crucial is that this Government has actually put £2 billion into cyber security strategy and set up the National Cyber Security Centre, which has been advising organisations in the public sector like the NHS, but outside the public sector as well about cyber security".
Ministry spokeswoman Irina Volk was quoted by the Interfax news agency Saturday as saying the problem had been "localized" and that no information was compromised.
A spokesperson for the Russian Health Ministry, Nikita Odintsov, said on Twitter that the cyberattacks on his ministry were "effectively repelled".
Russian cellular phone operators Megafon and MTS were hit.
Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure, told AFP that the attack was "the biggest ransomware outbreak in history", saying that 130,000 systems in more than 100 countries had been affected. Deutsche Bahn said it deployed extra staff to help customers.
The attack also forced French carmaker Renault to halt its production at sites in France in an effort to stop the malware from spreading. Forty-five NHS organisations were hit, while a large number of Spanish companies were also attacked using ransomware.