Another major cyber-attack could be imminent after Friday’s global hit that infected more than 125,000 computer systems, security experts have warned.
UK security researcher “MalwareTech”, who helped to limit the ransomware attack, predicted “another one coming… quite likely on Monday”.
The virus, which took control of users’ files, spread to 100 countries, including Spain, France and Russia. In England, 48 NHS trusts fell victim, as did 13 NHS bodies in Scotland.
Some hospitals were forced to cancel procedures and appointments, as ambulances were directed to neighbouring hospitals free from the computer virus.
UK Home Secretary Amber Rudd said on Saturday that the problem was largely resolved but that “there’s always more” that could be done to protect against computer viruses.
NHS trusts that appear to still be experiencing IT difficulties are:
- St Bartholomew’s in London
- East and North Hertfordshire Trust
- James Paget University Hospitals Trust, Norfolk
- Southport and Ormskirk Hospital NHS Trust
- Lincolnshire Hospitals NHS Trust
- York Teaching Hospitals NHS Trust
- University Hospital of North Midlands Trust
After taking computers over, the virus displayed messages demanding a payment of $300 (£230) in virtual currency Bitcoin to unlock files and return them to the user.
BBC analysis of three accounts linked with the global attack suggests the hackers have already been paid the equivalent of £22,080.
MalwareTech, who wants to remain anonymous, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which actually ended up halting it.
The 22-year-old told the BBC: “It’s very important that people patch their systems now.
“We have stopped this one, but there will be another one coming and it will not be stoppable by us.
“There’s a lot of money in this. There’s no reason for them to stop. It’s not really much effort for them to change the code and then start over.
“So there’s a good chance they are going to do it… maybe not this weekend, but quite likely on Monday morning.”
On Sunday he warned hackers could upgrade the virus to remove the “kill switch” that helped to stop it.
“Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP,” he tweeted.