Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system.
"NCSC and NCA are working with Europol and other global partners to make sure we all collect the right evidence, which we need to do to make sure we have the right material to find out who has done this and we go after them".
At NHS Western Isles, the radiology system has been affected and while it has had no impact on the care delivered locally, a spokesperson said it has affected their ability to share images with mainland Boards.
"We've never seen anything like this", the head of the European Union's policing agency told Britain's ITV television, calling its reach "unprecedented". The safety mechanism adds an extra layer of security by requiring users to input another personally identifiable credential along with the typical alpha-numerical password, like a PIN or phone number.
Officials struggled to explain why some NHS computers had not been "patched" with Microsoft updates to close the vulnerability that allowed the worm to spread across its networks. Some security experts calculate that ransomware may bring in as much as $1bn/year in revenue for the attackers. "You are dealing with a criminal", he said.
Problems with cyber security in NHS organisations were highlighted past year by Dame Fiona Caldicott, the national data guardian, who warned that issues were given insufficient priority and that health bodies persisted in using obsolete computer systems, The Times said.
"The reason why so many patients have been unaffected today is because they were ready for this, they had staff who came in over the weekend to make sure patients were unaffected", she said.
The last two hospitals that are still diverting patients are The Lister Hospital and Broomfield Hospital.
Expert finds more North Korea links in ransomware attack
The Lazarus Group is also believed to have been behind the infamous Sony hack, as well as a breach at a Polish bank. It is not clear if the objective of the WannaCry malware is to extort payments or to cause widespread damage.
About 1,000 computers at the Russian interior ministry had been affected, a spokeswoman for the ministry told Interfax news agency.
"We are asking all patients to attend their booked outpatient appointments and operations as planned tomorrow unless they receive a telephone call asking them not to attend, as some of our systems are still affected".
Microsoft's president and chief legal officer Brad Smith has said the US National Security Agency developed the original code used in the attack, which was later leaked in a document dump.
He also said the NHS may have "got away with it" to some extent, as its "obsolete" computer systems could easily have been subjected to a targeted attack seeking to extract patients' personal data.
He said it was "too early to say" what the overall cost of the attack to public coffers would be. The temporary halt in production was a "preventative step", Renault said, giving no details on how badly the plant was affected by the malware. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday evening to stop the malware from spreading - and was working with the central office in France to resolve the problem.
The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA.
Nine out of ten NHS organizations use antiquated computer systems, specifically Windows XP, according to the software company Citrix. The state railway company and major telecoms firm Megafon were also hit.