LONDON (AP) - Employees booting up computers at work Monday could see red as they discover they're victims of a global "ransomware" cyberattack that has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear.
The assault, which began Friday and was being described as the biggest-ever cyber ransom attack, struck state agencies and major companies around the world - from Russian banks and British hospitals to FedEx and European vehicle factories.
Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC), said: "On Monday morning at the start of the new working week it's likely that successful attacks from Friday that haven't yet become apparent will become apparent".
The current WannaCrypt variant initially demands US$300, later doubles the demand to US$600, and threatens to delete files completely if the victim doesn't pay up within a week.
And all this may be just a taste of what's coming, a leading cyber security expert warned.
Hackers encrypted those files, rendering them unreadable.
Nonetheless, the experts say such widespread attacks are tough to pull off.
By doing so, he unexpectedly triggered part of the ransomware's code that told it to stop spreading.
"It's all hands on deck", said Shane Shook, an independent security consultant whose customers include large corporations and governments.
Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003.
"Until this weekend's attack, Microsoft declined to officially confirm this, as US Gov refused to confirm or deny this was their exploit", wrote NSA whistleblower Edward Snowden in a tweet.
Hospitals, major companies and government offices were among those that were badly affected. But at least two public universities in the United States have reported infections, according to a spokeswoman for a cyber-information-sharing organization dedicated to state and local governments.
The ransomware encrypted data on the computers, demanding payments of $US300 ($A406) to $US600 ($A812) to restore access. The country's banking system was also attacked, although no problems were detected, as was the railway system.
'It's a worldwide attack and a number of countries and organisations have been affected,' British Prime Minister Theresa May said.
An organization that is attacked should immediately isolate the affected systems and networks to avoid the spread of the malware and contact law enforcement.
After denying reports that its computers had been targeted, the Russian Interior Ministry later confirmed that "around 1,000 computers were infected".
Kaspersky said it was "trying to determine whether it is possible to decrypt data locked in the attack - with the aim of developing a decryption tool as soon as possible".
The cyberattack that spread malicious software around the world, shutting down networks at hospitals, banks and government agencies, was thwarted by a young British researcher and a low-cost domain registration, with help from another 20-something security engineer in the U.S.
All it would take is for a new group to change the original malware code slightly to remove the "kill switch" and send it off into the world, using the same email-based methods to infiltrate computer systems that the original attackers used, experts said.
"This variant shouldn't be spreading any further, however there'll nearly certainly be copycats", said security researcher Troy Hunt in a blog post. "Now I should probably sleep".
Businesses, government agencies and other organizations were urged to quickly implement a patch released by Microsoft Corp.
"Obviously, they want those tools in order to spy on people of interest, on other countries, to conduct surveillance", Cluley said.
G7 finance ministers meeting in Italy vowed to unite against cyber crime, as it represented a growing threat to their economies and should be tackled as a priority.
Britain's national health service fell victim, its hospitals forced to close wards and emergency rooms and turn away patients.