Companies worldwide are bracing for even more fallout from the biggest cyberattack ever as their workers head back to the office Monday.
The massive ransomware attacks that started late Friday have locked people out of their computers and demanded hundreds of dollars from the users before they could regain control.
The attacks exploit a vulnerability in outdated versions of Microsoft Windows that is particularly problematic for corporations that don’t automatically update their systems.
The virus has hit at least 150 countries and claimed 200,000 victims, according to the European Union’s law enforcement agency Europol. Hospitals, universities, manufacturers and government agencies in the U.K., China, Russia, Germany and Spain have all been affected.
And experts say the scope of the problem could expand as people return to work and fire up their computers.
There are several factors in play. While a U.K. security researcher managed to stop the spread of the virus, hackers have issued new versions that cybersecurity organizations are trying to counter and stamp out.
“We will get a decryption tool eventually, but for the moment, it’s still a live threat and we’re still in disaster recovery mode,” Europol director Rob Wainwright told CNN’s Becky Anderson on Sunday.
He added that the agency is still analyzing the virus and has yet to identify who is responsible for the attack.
At least one strain of the ransomware has proven especially vicious. Once it infects one computer within a network, it can spread to all the computers in that network “within seconds,” said Israel Levy, the CEO of the cybersecurity firm Bufferzone.
For example, if one of your coworkers opens an infected PDF attached to an email, soon everyone in your office could be under attack.
In the world of ransomware, that was “unheard of six months ago,” Levy said. The attacks used to only be able to target one machine at a time.
Officials say they’re aware of those problems.
“It is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks,” said the U.K.’s National Cyber Security Centre in a statement Sunday.
That’s why companies are anxious to beef up security or combat potential infections, according to Aviv Grafi, the chief technology officer of Votiro, another cybersecurity firm.
Grafi said his firm has been contacted by companies that are scrambling to avoid potential pitfalls.
The list of institutions affected is expected to grow as more become aware of hacks or if more variants spread infections.
FedEx: The company said it was “experiencing interference with some of our Windows-based systems caused by malware” and was trying to fix the problems as quickly as possible.
Nissan: The carmaker said in a statement that “some Nissan entities were recently targeted” but “there has been no major impact on our business.”
Colleges: Internet security firm Qihoo360 issued a “red alert” over the weekend, saying a large number of colleges and students in China had been hit by the ransomware attack.
Gas stations: State-run media in China reported that some gas stations saw their digital payment systems shut down, forcing customers to bring cash.
Deutsche Bahn: The German railway company told CNNMoney that due to the attack “passenger information displays in some stations were inoperative” as were “some ticket machines.”
Russian Central Bank: State media agency Tass reported the bank discovered malware bulk emails to banks but detected no compromise of resources. The central bank reportedly said those monitoring the cyberattacks found “no incidents compromising data resources of banking institutions.”
Russian Railways: State media said a virus attacked the IT system of Russian Railways, but it did not affect operations due to a prompt response. The company said the virus has been localized and “technical work is underway to destroy it and update the antivirus protection.”
Interior Ministry: The Russian Interior Ministry acknowledged a ransomware attack on its computers, adding that less than 1% of computers were affected. The statement said antivirus systems are working to destroy it.
Megafon: A spokesperson for Russian telecommunications company Megafon told CNN that the cyberattack affected call centers but not the company’s networks. He said the situation was under control.
Telefónica: Spanish authorities confirmed the Spanish telecom company Telefónica was one of the targets, though the attack affected only some computers and did not compromise the security of clients’ information.
National Health Service: At least sixteen NHS organizations have been hit, according to NHS Digital. “At this stage, we do not have any evidence that patient data has been accessed. We will continue to work with affected (organizations) to confirm this,” the agency said. The NHS has said hospitals have had to cancel some outpatient appointments because of the attack.
The UK government called a meeting of its crisis response committee, known as Cobra, to discuss how to handle the situation. The British Home Secretary said most of the NHS systems were back to normal by midday Saturday.