The malicious ransomware attacks that affected computers in at least 150 countries on Friday could spread further as employees return to work this week, according to several cyber-security experts.
"They're going to turn on their computers in the morning and find out if they were protected or not" said James Barnett, a security expert at Venable. Moreover, the risk of getting affected is still high as employees might come back to work and click on infected links or email attachments that might further spread the ransomware software.
The ransomware has affected at least 200,000 computers worldwide since Friday. According to Rob Wainwright, the head of Europol, Europe's policing agency: "The numbers are still going up. We've seen that the slowdown of the infection rate over Friday night, after a temporary fix around it, has now been overcome by a second variation the criminals have released."
The initial attack on Friday - called "WannaCry" - first infected computers that run the UK's hospital network, Germany's national railway and several other companies and government agencies worldwide in what is being called the "the biggest ransomware attack ever." The software held the victims' computers hostage and threatened to delete their files unless they paid $300.
A 22-year old British security researcher who goes by the Twitter name MalwareTech is credited with slowing the spread of the ransomware by discovering a "kill switch" in the software that could disable the malware.
A global network of cyber-security experts are urging companies and organizations to update older Microsoft operating systems immediately to ensure they don't fall prey to a more powerful and future versions of the ransomware. The malware primarily targeted users of Windows XP, which was launched by Microsoft in 2001. The company mainly ended support for the aging operating system in 2014.
Microsoft has blamed the US government for creating the software code that was used by hackers to launch the cyber-attacks. Brad Smith, the company's lawyer wrote on Microsoft's official blog: "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen." He further added that "repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."
The source of the attack is a worrisome issue for the US government because the software is based on cyber-tools developed by the National Security Agency (NSA). A group called the Shadow Brokers were able to steal the tools last summer and started publishing them online. An investigation is on-going regarding how the codes got out.
Several cyber security experts now warn that copycat variants of the ransomware software might be making its way on the internet. "We are in the second wave," said Matthieu Suiche of Comae Technologies. "As expected, the attackers have released new variants of the malware. We can surely expect more."
The effects of the ransomware attack were felt around the world, affecting computers that run factories, banks, government agencies and transport systems in several countries. Chinese media reported that more than 29,000 institutions in the country were infected by the attack, while the Japanese media has claimed that more than 600 companies were hit. However, the full extent of the attack won't be known until employees head back to work.
In case of any ransomware attack, report Action Fraud.