An worldwide manhunt was well under way for the plotters behind the world's biggest-ever computer ransom assault.
MalwareTech said in a in a blog post Saturday that he had returned from lunch with a friend on Friday and learned that networks across Britain's health system had been hit by ransomware, tipping him off that "this was something big".
Described as the greatest cyber ransom assault, the attack started on Friday affecting state agencies and important companies around the globe including Russian banks, British hospitals in addition to FedEx as well as European auto factories.
Europol has warned that the threat "will continue to grow" as people return to work on Monday.
Europe's police agency says the attack has hit at least 100,000 organizations in 150 countries.
It is feared more cases of the "Wannacry" cyber attack will be uncovered in Ireland as businesses re-open tomorrow.
"We're in the face of an escalating threat, the numbers are going up".
The former US national intelligence director says the global "ransomware" attack could grow much larger when people return to work.
Britain's National Cyber Security Center said it could have been much worse if not for a 22-year-old Britain-based cybersecurity researcher.
The ransomware, called WannaCry, locks down files on an infected computer and asks the computer's administrator to pay in order to regain control of them.
"Most people are not paying this, so there ain't a lot of money being made with this by criminal organizations so far", the Europol chief said.
U.S. software firm Symantec said that part-way through Saturday, transactions totalling $28,600 had taken place through the five Bitcoin addresses used by the ransomware.
USA judge approves Volkswagen 3.0 litre, Bosch diesel settlements
Last month VW was sentenced to three years probation after pleading guilty to three felony counts on emission test cheating. If their cars cannot be fixed to meet standards then their lawyers can return to court to apply for buybacks.
It is not clear who is behind the attack, but the tools used to carry it out are believed to have been developed by the US National Security Agency (NSA) to exploit a weakness found in Microsoft's Windows system.
"It was essentially an indiscriminate attack across the world", Europol director Rob Wainwright said.
The attack therefore spread faster than previous, smaller-scale ransomware attacks.
This one worked because of a "perfect storm" of conditions, including a known and highly unsafe security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business and government networks.
The companies and government agencies targeted were diverse.
He also said that this could be the most powerful cyber attack ever.
French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, while FedEx said it was "implementing remediation steps as quickly as possible". The company said it deployed extra staff to busy stations to provide customer information, and recommended that passengers check its website or app for information on their connections.
Coincidentally, finance ministers from the Group of Seven wealthiest countries had been meeting on Friday to discuss the threat of cyber-attacks on the global financial system.
The danger will be discussed at the G7 leaders' summit next month.
Its head of digital policy, Erik O'Donovan, says: "Safeguarding the resilience of our digital infrastructure and economy is a key priority for business".