Europol’s chief has warned the threat from the cyber attack which took down international services “will continue to grow” when people return to work on Monday.
Since Friday, more than 200,000 victims across 150 countries, including the NHS, have been infected by the Wanna Decryptor ransomware, also known as WannaCry.
Rob Wainwright, Europol’s director, said the attack will hit both the private and public sectors.
He said: “At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.
“The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.”
How can you tell if a computer is infected?
The WannaCry, or Wanna Decryptor, ransomware works by encrypting files on computers, locking users out.
A message will appear onscreen with a ransom demand, countdown timer and bitcoin wallet to pay funds into.
What is the best way to protect your system?
The NCSC says the best way to protect your system is by using the latest software, which often includes solutions for known weaknesses, and run an up-to-date anti-virus programme.
Also backup any important data and ensure the latest WannaCry “patch” – which prevents the ransomware attacking – is installed.
For particularly vulnerable systems, they should be shut down as a final fail-safe way to stop the ransomware.
How does the virus spread?
There are several ways for it to spread.
Opening attachments or links in phishing emails, or downloading legitimate-looking programmes containing malware can all spread the virus.
Another method, which preys on machines using outdated software, is visiting a malicious site.
Once inside a network the virus can then spread to other connected computers.
What to do if your computer is infected?
The National Crime Agency (NCA) encourages victims not to pay any ransom and to contact Action Fraud.
Ciaran Martin, chief executive of the NCSC, also wanred there would be a fresh wave of victims on Monday.
“We have not yet seen Friday’s attack reoccur, there’s been no new wave of attacks.
“On Monday morning at the start of the new working week we can expect, it’s likely that successful attacks from Friday that haven’t yet become apparent will become apparent.
“And also existing known infections can spread, we can’t say what scale the new cases will occur at but it’s likely there will be some.”
This morning Defence Secretary Sir Michael Fallon assured Britons the country’s nuclear deterrent is safe from the cyber attacks as they “operate in isolation”.
An international effort is under way to track down the criminals behind the unprecedented global cyber attack.
Investigators have been working non-stop since Friday to hunt down those responsible for deploying the ransomware.
Europol said its cybercrime specialists will support affected countries as a “complex international investigation” to identify the culprits begins.