It was coming. On March 14 this year, Microsoft released a security update which addressed the vulnerability in the 16-year-old Windows XP operating system that the hackers behind the massive ransomware attack exploited and created havoc in 150 countries.
Bart's Health, which runs several London hospitals, said it had activated its major incident plan, cancelling routine appointments and diverting ambulances to neighboring hospitals.
The U.S. Department of Homeland Security, in a statement late Friday, encouraged people to update their operating systems.
The identity of whoever deployed the software remains unknown.
Researchers say this type of ransomware will continue.
"Ransomware developers and attackers tend to borrow, copy and steal techniques and software from each other", he said.
There was some good news: having tipped their hand on Friday, and allowing hacking countermeasures to be implemented, about 97% of United Kingdom facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said Saturday after a government meeting.
Infected computers are frozen and display a big message in red informing users, "Oops, your files have been encrypted!" and demanding about $300 in online bitcoin payment.
"Affected machines have six hours to pay up and every few hours the ransom goes up", said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. This is not the serious stuff yet. But it will improve intelligence services' accountability and, at the very least, force them to take better care of any dark stuff that comes into their hands. "What if the same exact thing happened to a water dam or to a bridge?" he asked.
"The numbers are still going up", Wainwright said.
But he aimed his sharpest criticisms at the US and other nations. Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex Global investigation to identify the culprits".
The malicious software - known as WannaCrypt or WannaCry - is widely believed to have been developed as a hacking tool by the US National Security Agency.
Dozens of countries were hit with a cyberattack Friday that locked up computers and held users' files for ransom at hospitals, companies and government agencies.
Angela Merkel's CDU 'seizes key state from rivals'
By area, North Rhine - Westphalia - only the fourth of the 16 Federal States of Germany, but by population first. The CDU only ruled in NRW for five years during that half century, from 2005 until 2010.
"The affected company doesn't fall under critical infrastructure, it's not a medical or health service and it is not a big company", he said.
The non-profit U.S. Cyber Consequences Unit research institute estimated that total losses would range in the hundreds of millions of dollars, but not exceed $1 billion. The ransomware will persist on systems already infected. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them.
The worm is primarily impacting business, where it can spread quickly through a network to take down an entire company.
This is a Windows flaw that was part of an hoard of software vulnerabilities apparently collected by the NSA - but leaked by the so-called Shadow Brokers.
WannaCry's success showed that a large number of organizations are falling behind on patches and that many have legacy systems running old versions of Windows.
Hong Kong-based Ivezic said that the ransomware was forcing some more "mature" clients affected by the worm to abandon their usual cautious testing of patches "to do unscheduled downtime and urgent patching which is causing some inconvenience".
In Russia, government agencies insisted that all attacks had been resolved. Russia's health ministry said its attacks were "effectively repelled".
"With the right approach, it won't be something that people will have to worry about", Microsoft's founder Bill Gates said of cyber attacks back in October on the BBC.
"It's an global attack and a number of countries and organizations have been affected", she said.
German rail operator Deutsche Bahn said some electronic signs at stations announcing arrivals and departures were infected. Deutsche Bahn said it deployed extra staff to help customers. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday evening to stop the malware from spreading.
Telecommunications company Telefonica was among many targets in Spain.
Heintz reported from Moscow and Breed from Raleigh, N.C.