Friday’s cyber-attack has affected more than 200,000 victims in 150 countries, Europol chief Rob Wainwright says.
He told the BBC the act was “unprecedented in its scale”. The virus took control of users’ files, demanding payments; Russia and the UK were among the worst-hit countries.
Experts say another attack could be imminent and have warned people to ensure their security is up to date.
Mr Wainwright said that the ransomware was combined with a worm application – a program that replicates itself in order to spread to other computers. This, he said, was allowing the “infection of one computer to quickly spread across the networks”.
‘Patch before Monday’
Although a temporary fix earlier slowed the infection rate, the attackers had now released a new version of the ransomware, he said.
What occurred was an “indiscriminate attack across the world on multiple industries and services”, Mr Wainwright said, including Germany’s rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia’s interior ministry.
However, he said that so far “remarkably” few payments had been made by victims of the attack. BBC analysis of three accounts linked with the global attack suggests the hackers have been paid the equivalent of £22,080.
The virus exploits a vulnerability in Microsoft Windows software, first identified by the US National Security Agency, experts have said.
Microsoft released security updates last month to address the vulnerability.
The UK security researcher known as “MalwareTech“, who helped to limit the ransomware attack, predicted “another one coming… quite likely on Monday”. MalwareTech, who wants to remain anonymous, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which actually ended up halting it.