Major Cyberattack Hits 150 Countries, Could Keep Spreading

A cyberattack impacted computer systems in more than 150 countries over the weekend. The weapon used to initiate the attack is believed to be based on recently published vulnerabilities stolen from the National Security Agency. The attack, one of the largest ever, took over computers, encrypted their files and demanded payment in bitcoin of $300 or more. Among the major institutions and government agencies impacted were FedEx in the U.S., the Russian Interior Ministry and Britain’s National Health Service. The attack also hit smaller venues, such as a car manufacturing factory in Romania owned by Renault.

The New York Times notes that, although experts said the attackers could reap more than $1 billion, as of Saturday afternoon, Elliptic, a company that tracks virtual currency transactions, reported that the bitcoin accounts associated with the ransomware had only seen $33,000 in deposits. Still, as the deadline approaches for payment, that figure is “likely to increase.” But, warns Digital Shadows executive Becky Pinkard, “there’s no guarantee of service even if they do pay.”


The attack — the first in which an NSA-developed cyberweapon was used — was first reported in Britain. “Ransomware attacks happen every day — but what makes this different is the size and boldness of the attack,” said Royal United Services Institute cybersecurity expert Robert Pritchard. “Despite people’s best efforts, this vulnerability still exists, and people will look to exploit it.”

Among the countries impacted, says Russian cybersecurity firm Kaspersky Lab, Russia was hit the worst, followed by Ukraine, India and Taiwan. U.S. users were much less affected “because a British cybersecurity researcher inadvertently stopped the ransomware from spreading.”

The Wall Street Journal reports that experts say the attack is “likely to keep growing as people around the world return to work.” Europe’s police coordination agency says “at least 200,000 individual terminals had fallen victim to the attack,” whereas Chinese authorities believe it could be as high as one million globally.

“This is something we haven’t seen before,” said Europol director Rob Wainwright. “The global reach is unprecedented.” Although the virus was slowed down, “few believe it was halted completely,” and at least one new strain continues to spread slowly. The FBI, Department of Homeland Security and the NSA are all on the case, as government agencies “have started a global manhunt for the perpetrator.”

“Intelligence officials and private security experts say that new digital clues point to North Korean-linked hackers as likely suspects in the sweeping ransomware attacks,” reports The New York Times. “The indicators are far from conclusive, the researchers warned, and it could be weeks, if not months, before investigators are confident enough in their findings to officially point the finger at Pyongyang’s increasingly bold corps of digital hackers.”

The New York Times says that “computer criminals are discovering that ransomware is the most effective way to make money in the shortest amount of time,” and it’s easier than ever to do so without special skills. Encryption technology is better, bitcoin is hard to trace and there are “online sites that offer to do the data ransoming in return for a piece of the action.”

Four years ago, there were “roughly 16 variants of ransomware,” mainly in Eastern Europe; today there are “dozens of types of ransomware … supported by an entire underground industry.” In 2012, fewer than 3 percent of victims paid, but today it’s a 50-50 split. In the U.S., the FBI says that reported ransomware attacks “rose fourfold between 2015 and 2016, as did the ransom payments to hackers, to $1 billion.”
