The threat receded over the weekend after a British-based researcher, who declined to give his name but tweets under the profile @MalwareTechBlog, said he stumbled on a way to at least temporarily limit the worm's spread by registering a web address to which he noticed the malware was trying to connect.
Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets. The agency has not responded to requests for comment.The identity of the Shadow Brokers is not known, though many security researchers say they believe they are in Russian Federation, which is a major source of ransomware and was one of the countries hit first and hardest by WannaCry.
The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday.
Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too hard to patch without possibly disrupting crucial operations, security experts said.
Making the domain active appears to have stunted the spread of the worm, Thakur said on Saturday.
"The numbers are extremely low and coming down fast".
WannaCry exploited a vulnerability to spread itself across networks, a rare and powerful feature that caused infections to surge on Friday.More news: Nick Cannon mourns childhood friend killed in University City shooting
More news: Imperious Rafael Nadal Outclasses Novak Djokovic To Reach Madrid Final
More news: Former intel chief: "Our institutions are under assault" by Trump
Computers and networks that hadn't recently updated their systems are still at risk because the ransomware is lurking.
"This exploit is named as ETERNALBLUE", an advisory issued by the CERT-In. "Enable windows update, update and then reboot". It issued a patch on March 14 to protect them from Eternal Blue.
Experts say the spread of the virus had been stymied by a security researcher in the United Kingdom hackers have issued new versions of the virus that cyber security organizations are actively trying to counter and stamp out.
Authorities in Britain have been braced for cyber attacks in the run-up to the vote, as happened during last year's USA election and on the eve of the French vote.
Guillaume Poupard, head of France's national cyber security agency, told Reuters he is concerned infections could surge again on Monday, when workers return to the office and turn on computers. It's possible an NSA contractor may have been careless in leaving the hacking tool on an unsecured computer from which it was stolen by a hacking collective, that may have auctioned it on the dark net, although it came as a crumb of comfort that a domain name costing less than Rs 800 to create may have found the antidote to stop this virulent attack, the worst in the new millennium since the Love Bug virus. Portugal Telecom and Telefonica Argentina both said they were also targeted.
In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from the National Cryptology Centre of "a massive ransomware attack".
The attacks did not disrupt the provision of services or networks operations of the victims, the Spanish government said in a statement.