Europol, the European Union’s police agency, says the international “ransomware” cyberattack that began on Friday has so far hit more than 100,000 organizations in at least 150 countries.

Spokesman Jan Op Gen Oorth said Sunday that the number of individuals who have fallen victim to the cyberextortion attack could be much higher.

He said it was too early to say who is behind the onslaught and what their motivation was.

The main challenge, he said, was the fast-spreading capabilities of the malware, but added that so far, not many people have paid the ransoms that the virus demands.

He warned that more people may be hit by the virus Monday when they return to work and switch on their computers.

The attack is believed to be the biggest online extortion attack ever recorded, disrupting computers that run factories, banks, government agencies and transport systems. 

China Global Cyberattack Ransomware

A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing on Saturday. (Mark Schiefelbein/Associated Press)

It crippled the British health care system for a day, infecting nearly 20 per cent of its health care groups, forcing medical treatments to be cancelled or postponed for thousands of people.

Germany’s national railway was also hit in the attack. On Saturday, officials said departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. 

On Sunday, Chinese media reported that the virus attacked many university networks in China.

The Beijing News said that students at several universities around the country reported blocked access to their thesis papers and dissertation presentations.

In each case, a pop-up window demanded payments of $300, or about 2,000 yuan, in order to free the files.

‘Perfect storm’

But as terrifying as the unprecedented attack has been so far, cybersecurity experts say it’s nothing compared to what might be coming — especially if companies and governments don’t make major fixes.

A young cybersecurity researcher has been credited with helping to halt the spread of the global ransomware attack by accidentally activating a so-called “kill switch” in the malicious software.

The Guardian newspaper reported Saturday that the 22-year-old Britain-based researcher, identified online only as MalwareTech, found that the software’s spread could be stopped by registering a garbled domain name. It said he paid about $11 on Friday to buy a domain name that may have saved governments and companies around the world millions. His action couldn’t help those already infected, however.

Security experts tempered the alarm bells by saying that widespread attacks are tough to pull off. They said this one worked because of a “perfect storm” of conditions, including a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and malware designed to spread quickly once inside university, business or government networks.