'This is child's play,' expert warns after global cyberattack on schools, hospitals

Teams of technicians wereworkinground the clock Saturday to restore Britain's crippled hospital network and secure the computers that run factories, banks, government agencies and transport systems in other nations after a global cyberattack.

The worldwide cyberextortion attack is so unprecedented that Microsoft quickly changed its policy, announcing security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses.

After an emergency government meeting Saturday in London, Britain's home secretary said one in five of 248 National Health Service trusts had been hit. The onslaught forced hospitals to cancel or delay treatments for thousands of patients, even some with serious aliments like cancer.

Amber Rudd said 48 NHS trusts were affected and all but six were now back to normal. The U.K.'s National Cyber Security Center said it is "working round the clock" to restore vital health services.

• How a perfect storm allowed a global ransomware attack to happen
• Criminalssaid to use leaked NSAcyberweaponin cripplingransomwareattack
• Dozensof countries affected byransomwarecyberattack

Security officials in Britain urged organizations to protect themselves by updating their security software fixes, running anti-virus software and backing up data elsewhere.

The source of the wave of attacks remains unknown. Two security firmsKasperskyLab and Avastsaid they identified the malicious software in more than 70 countries. Both said Russia was hit hardest.

And all this may be just a taste of what's coming, acybersecurityexpert warned.

Computer users worldwideand everyone else who depends on themshould assume that the next big "ransomware" attack has already been launched, and just hasn't manifested itself yet, OriEisen, who founded theTrusonacybersecurityfirm, told The Associated Press.

The attack held hospitals and other entities hostage by freezing computers, encrypting data and demanding money through onlinebitcoinpayments.

But it appears to be "low-level" stuff, Eisen said Saturday, given the amounts of ransom demanded $300 worth of the digital currency at first, rising to $600 before it destroys files hours later.

He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.

"This is child's play, what happened. This is not the serious stuff yet. What if the same thing happened to 10 nuclearpower plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?" he asked.

"Today, it happened to 10,000 computers,"Eisensaid. "There's no barrier to do it tomorrow to 100 million computers."

Nothing serious or deadly happened yet.- GermanKlimenko, Russian president's adviser

This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the U.S., Russia, Ukraine, Spain and India. Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex international investigation to identify the culprits."

The cyberattackalsohit Brazil, including itssocial security system, forcing it to disconnect computers and cancel public access to the agency. The state-owned oil company Petrobras and Brazil's Foreign Ministry also are affected, and both have disconnected computers as precautionary measure. Computers in a dozen Brazilian court systems are affected as well, along with the prosecutors in Sao Paolo. The office that oversees Brazil's National Intelligence Agency put out a statement saying there's no indication that government archives were hit.

Canada isn't believed to be among the estimated 99 countries affected.

Theransomwareappeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes. The NSA tools were stolen by hackers and dumped on theinternet.

A youngcybersecurityresearcher has been credited with helping to halt the spread of the globalransomwareattack by accidentally activating a so-called "kill switch" in the malicious software.

The Guardian newspaper reported Saturday that the 22-year-old Britain-based researcher, identified online only asMalwareTech, found that the software's spread could be stopped by registering a garbled domain name. It said he paid about $11 on Friday to buy a domain name that may have saved governments and companies around the world millions. His action couldn't help those already infected, however.

Microsoft makes fixes

Before Friday's attack, Microsoft had made fixes for older systems, such as 2001's Windows XP, available only to mostly larger organizations that paid extra for extended technical support. Microsoft says now it will make the fixes free for everyone.

Russian agencies slowly acknowledgedthey were affected but insisted that all attacks had been resolved.

The Russian Interior Ministry, which runs the country's police, confirmed it fell victim. Ministry spokespersonIrinaVolkwas quoted by theInterfaxnews agency Saturday as saying the problem had been "localized" with no information compromised.

A spokesperson for the Russian Health Ministry,NikitaOdintsov, tweeted thecyberattackson his ministry were "effectively repelled."

"When we say that the Health Ministry was attacked, you should understand that it wasn't the main server, it was local computers ... actually nothing serious or deadly happened yet," GermanKlimenko, a presidential adviser, said on Russian state television.

Russian cellular phone operatorsMegafonand MTS were among those hit. Russia's national railway system said it was attackedbut rail operations were unaffected. Russia's central bank said Saturday that no incidents were "compromising the data resources" of Russian banks.

FrenchcarmakerRenault's assembly plant in Slovenia halted production after it was targeted. Radio Slovenia said Saturday theRevozfactory in the southeastern town of NovoMestostopped working Friday evening to stop themalwarefrom spreading.

Security holes already disclosed

Dr. KrishnaChinthapalli, who's at Britain's National Hospital for Neurology &Neurosurgeryandwrote a paper oncybersecurityfor the British Medical Journal, said many British hospitals still use Windows XP software, introduced in 2001.

Security experts said it appeared to be caused by a self-replicating piece of software that enters companies when employees click onemailattachments, then spreads quickly as employees share documents.

The security holes it exploits were disclosed weeks ago byTheShadowBrokers, a mysterious group that published what it said are hacking tools used by the NSA. Microsoft swiftly announced that it had already issued software "patches" to fix those holes, but many users haven't yet installed updates or still use older versions of Windows.

Elsewhere in Europe, the attack hit companies including Spain'sTelefonica, a global broadband and telecommunications company.

Germany's national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to help customers.

Other European organizations hit by the massive cyberattack included some soccer clubs. IF Odd, a 132-year-old Norwegian club, saidits online ticketing facility was down.