The worldwide "ransomware" cyberattack spread to thousands more computers on Monday as people across Asia logged in at work, disrupting businesses, schools, hospitals and daily life.
The ransomware attack was particularly malicious because if just one person in an organization clicked on an infected attachment or bad link, all the computers in a network would be infected, said Vikram Thakur, technical director of Symantec Security Response.
He said "the level of criminal activity is at the lower end of the range that we had anticipated".
The ransomware attack has claimed 200,000 victims so far in 150 countries.
Companies around the globe are preparing for an imminent cyber attack as the offices re-open on Monday, media reports said.
Other victims include is a Nissan manufacturing plant in Sunderland, northeast England, hundreds of hospitals and clinics in the British National Health Service, German rail operator Deutsche Bahn and global shipper FedEx Corp. Seven of the 47 affected trusts were still having IT problems Monday. "This has to do with a vulnerability in Windows, and as we know, not everybody has the liberty and luxury of bringing down systems and keeping up with Microsoft patching". Security wonks are calling it the biggest cyberattack ever.
"This thing can not be brushed under the carpet", he said. Japanese broadcaster NTV reported 600 companies in that country had been hit, and automaker Nissan and the Hitachi conglomerate said they were addressing the problem at their affected units.
"It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates".
People don't often install updates and patches on their computers.
When a computer becomes infected with the virus, the software contacts a central server, attacking and encrypting all of the files it can find on the network.
The virus exploits a flaw in a version of Microsoft Windows first identified by USA intelligence.
Scientists find 38 million pieces of trash on Pacific island
Researchers linked about 27 percent of the items to relatively nearby South America, including beach equipment and fishing gear. This makes Henderson Island a shocking but rather typical example of how plastics can affect the environment on a larger scale.
The attack held users hostage by freezing their computers, encrypting their data and demanding money through online bitcoin payment - $300 at first, rising to $600 before it destroys files hours later.
Many firms have had experts working over the weekend to prevent new infections.
"These appear to be "patched" versions of the original malware, rather than recompiled versions developed by the original authors", Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint said.
"I still expect another to pop up and be fully operational", Kalember said.
Officials across the globe scrambled over the weekend to catch the culprits behind a massive ransomware worm that disrupted operations at auto factories, hospitals, shops and schools, while Microsoft on Sunday pinned blame on the USA government for not disclosing more software vulnerabilities.
Microsoft's top lawyer is laying some of the blame at the feet of the US government. It is a kind of malware that prevents you from accessing your device and data stored on it until a specific amount is paid to the hacker or the creator of the same. Cybersecurity experts say the unknown hackers who launched the attacks used a vulnerability that was exposed in NSA documents leaked online.
Government agencies said they were unaffected.
Victims are also expected to contact the criminals for a key to unlock their files, said security expert Prof Alan Woodward from the University of Surrey.
"If you don't have a solid process in place for ongoing patching, then this is a great opportunity to do so", said Caplin. "It's like after a robber enters your home".
Paying the ransom could get your files released, but there is no guarantee that this will happen or that the hackers won't target you again or request an additional ransom.