Europol: Cyberattack Threat Escalating As Manhunt Under Way

An international manhunt is under way to find those responsible for a massive global cyberattack that hit more than 200,000 victims in more than 150 countries, Europol has said.

An international manhunt is under way to find those responsible for a massive global cyberattack that hit more than 200,000 victims in more than 150 countries, Europol has said.

Europol executive director Rob Wainwright said on May 14 that few had given in to the demands for payments to unblock files so far, but warned that the situation was escalating.

"The global reach is unprecedented. The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations," the head of the pan-European Union policing agency told Britain's ITV television.

The pace of attacks by the WannaCry "ransomware" slowed late on May 12. The attack is believed to be the biggest online extortion attack ever recorded.

The attack might spread further once people return to work on May 15 and log on to their computers, Wainwright warned.

The instigators of the virus demanded computer owners pay $300 to $600 in Bitcoin to retrieve their encrypted data.

Europol said a task force at its European Cybercrime Center was "specially designed to assist in such investigations and will play an important role in supporting the investigation."

The unprecedented cyberattack affected systems, including at banks, hospitals, and government agencies, in dozens of countries around the world -- with Russia, France, and Great Britain particularly hard hit.

In Britain, the attack disrupted National Health Service (NHS) facilities, forcing ambulances to divert and hospitals to delay operations. The NHS said on May 13 that almost all of its computers were back to normal operation.

The Russian Interior Ministry said some of its computers had been hit by a "virus attack." The country's banking system and railways were also hit, although no problems were detected.

Experts and government officials urged users not to give in to the hackers' demands.

"Paying the ransom does not guarantee the encrypted files will be released," the U.S. Department of Homeland Security's computer emergency-response team said.

"It only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information."

Computer experts said the virus spread quickly because it used a digital code believed to have been developed by the U.S. National Security Agency. The code was leaked as part of a hacked document dump, the experts said.

A cybersecurity researcher has been credited with slowing the ransomware after accidentally discovering a "kill switch" that could prevent the spread.

The researcher issued a tweet from the @MalwareTechBlog that said registering a domain name used by the malware stops it from spreading, although it would not help computers already affected.

With reporting by dpa, AFP, and AP