"I am anxious about how the numbers will continue to grow when people go to work and turn [on] their machines", Rob Wainwright, director of the European investigative agency Europol, told NBC News' U.K. partner ITV on Sunday.
The WannaCry ransomware started taking over users' files on Friday, demanding $300 (£230) to restore access. Those include a known and highly unsafe security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business and government networks.
"We've never seen anything like this", the head of the European Union's policing agency told Britain's ITV television Sunday, calling its reach "unprecedented".
Experts are concluding that WannaCry appears to exploit a bug found earlier this year by the U.S. National Security Agency (NSA), as well as a weakness in certain Microsoft operating systems. "But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks".
"And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today - nation-state action and organised criminal action".
Organizations around the world spent the weekend trying to recover after being hit by a virus that seeks to seize control of computers until victims pay a ransom. But U.K. hospitals, Chinese universities and global firms like Fedex (FDX) also reported they had come under assault.
Spanish firm Telefonica, French automaker Renault, the US -based delivery service FedEx and the German railway Deutsche Bahn were among those affected.
"Paying the ransom does not guarantee the encrypted files will be released", said the US Department of Homeland Security's computer emergency response team.
Europol's Wainwright underscored the point Sunday.
Barcelona's title quest hit by untimely defensive crisis ahead of Las Palmas
Real Madrid and Barcelona are tied on points atop the standings, with Barcelona ahead on the head-to-head tiebreaker. The pair haven't heard from the club over their futures but Barca are said to be waiting for offers to come in.
WannaCry takes advantage of a vulnerability in Microsoft Windows.
"Very few banks if any have been affected because they've learned from painful experience of being the number one target for cybercrime", he said on ITV's Peston on Sunday program. It locks the user out in order to prevent them from accessing any saved files until they pay a certain amount of money.
The attack that began Friday is believed to be the biggest online extortion attack ever recorded, spreading chaos by locking computers that run Britain's hospital network, Germany's national railway and scores of other companies, factories and government agencies worldwide. That prompted the company to issue another patch on Friday for older and unsupported operating systems such as Windows XP, allowing users to secure their systems without requiring an upgrade to the latest operating software. Although it won't do any good for machines that have already been hit. "Even without having an antivirus", they said.
Apple's Mac computers were not targeted by this ransomware attack so are clear. Does the NSA bear any responsibility for these attacks?
U.S. package delivery giant FedEx, European vehicle factories, Spanish telecoms giant Telefonica, Britain's health service and Germany's Deutsche Bahn rail network were among those hit.
A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the NSA, Kaspersky said. Two big telecom companies, Telefónica (TEF) of Spain and Megafon of Russian Federation, were also hit.
The 200,000 victims included more than 100,000 organizations, Europol spokesman Jan Op Gen Oorth told The Associated Press. Officials urged organizations and companies to immediately update their security software.
He argued there should be "a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them".
Consumers who have up-to-date software are protected from this ransomware.