Tomorrow could see a ZOMBIE cyber-attack: IT expert who stopped the NHS hack warns the virus could come BACK TO LIFE in computers that have already been 'fixed'

• e-mail

A cyber attack which crippled more than 200,000 computers in 150 countries could strike again on Monday coming back to life in systems that have already been fixed.

The anonymous British IT expert who discovered a 'kill switch' which slowed the spread of the ransomware fears that it has a 'back door' installed - meaning hackers could easily inject a new strain of the virus.

Concerns have been raised that Monday could see a resurgence of the chaos which struck at the end of last week as office workers power up their machines.

The attack which began on Friday struck banks, hospitals and government agencies, exploiting known vulnerabilities in old Microsoft computer operating systems. 

An anonymous British blogger, 22, became an accidental hero by putting the brakes on the spread of the mass cyber attack, pictured

Experts fear that an email containing the virus could be laying dormant in hundreds of thousands of inboxes across the globe.

But now MalwareTech, the cyber expert who halted the first strain of the ransomware, has revealed exclusively to MailOnline that a new wave of chaos could begin across the globe if hackers have installed a back door.

The British cyber whiz was hailed an 'accidental hero' after he registered a domain name that unexpectedly stopped the spread of the virus, which exploits a vulnerability in Microsoft Windows software. 

He said: 'I'm not so worried with emails, it's supposedly that this ransomware actually drops a back door and we don't know yet if our fix kills the backdoor as well.

'There is a possibility someone could just re-hack the systems.

'Assuming the backdoor wasn't killed, any computer that was infected previously would then be re-infectable.

'They could essentially scan the internet for the backdoor and access it and drop the ransomware.

He continued:'Users would have to power up their systems tomorrow, not connected to the internet and then check them for the backdoor before connecting to the internet.

'It would be pretty tricky, you would need custom tools to actually scan and remove the backdoor.'

MalwareTech reckons he has prevented 200,000 computers across the globe from being infected.

But a Chinese hacker is thought to have mounted a bid to steal the domain name earlier today which would enable them to shut off the kill switch and resume the infections.

MalwareTech explained to MailOnline: 'I got a very strange email from a Chinese registrar trying to confirm the transfer of the domain.

The ransomware hit computers around the globe including in Germany where the rail network was infected

'So it looks like maybe someone has attempted to steal our domain.

'If you can take the domain you can turn the server off and the infections will continue.

'Everyone who hasn't had the software killed by our domain would then be vulnerable to infection.

'With a Chinese email from a Chinese registrar in Mandarin I think they would be Chinese. 

US package delivery giant FedEx, European car factories, Spanish telecoms giant Telefonica, the NHS and Germany's Deutsche Bahn rail network were among those targeted.

Europol director Rob Wainwright said he is now 'worried' about staff in companies across the globe turning their computers on on Monday.

An international manhunt is now under way for the plotters behind what is being described as the world's biggest-ever computer ransom assault. 

Defence Secretary Sir Michael Fallon has ruled out concerns over the threat of viruses on Trident operating systems - but refused to deny the Government uses the same computer system hit by the hackers.

Defence Secretary Sir Michael Fallon has ruled out concerns over the threat of viruses on Trident operating systems

Home Secretary Amber Rudd (pictured with former Metropolitan Police Commissioner Sir Bernard Hogan-Howe) chaired a Cobra meeting into the cyber attack crisis

Meanwhile health authorities are racing to upgrade security software amid fears hackers could exploit the same vulnerability with a new virus. 

The NHS is now facing a weekend of chaos as hospitals and GP surgeries have a six-week backlog of postponed appointments to contend with, including operations, once the crisis is brought under control.

It has since emerged that hospitals had been sent a 'patch' which could have protected them against the attack just two weeks ago - but few apparently downloaded it.

But Britain's nuclear deterrent is protected from cyber attacks, Sir Michael Fallon has said. 

The Government had set aside more than £1.9 billion to tackle cyber threats, of which some £50 million went to the NHS, after an official security review highlighted hacks as a major threat, he said.

Sir Michael told the BBC's Andrew Marr Show: 'We never comment on the different systems, obviously for reasons of security, that our submarines use but our Vanguard submarines I can absolutely assure you, are safe and operate in isolation when they are out on patrol, and I have complete confidence in our nuclear deterrent.'

Pressed further, he said: 'I can assure you that the nuclear deterrent is fully protected.'

Sir Michael said the NHS had been warned over cyber threats in the months before Friday's attack but every effort is going into protecting the NHS.

He added: 'Let me just assure you we are spending money on strengthening the cyber defence of our hospital system.'

Speaking to ITV's Peston on Sunday, Europol director Rob Wainwright said the attack was indiscriminate across the private and public sectors.

He said: 'At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.

'The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.'

Britain's nuclear deterrent is protected from cyber attacks, Sir Michael Fallon told the BBC's Andrew Marr Show

Data released under the Freedom of Information Act in December suggested 90 per cent of NHS trusts are using Windows XP.  

There have been calls for an inquiry into the circumstances surrounding Friday's major incident, with the Government and NHS chiefs facing questions over their preparedness and the robustness of vital systems.

Mr Wainwright explained: 'We have been concerned for some time. The healthcare centres in many countries are particularly vulnerable. They are processing a lot of sensitive data.'

On Sunday MalwareTech issued a warning that hackers could upgrade the virus to remove the kill switch.

'Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP,' he wrote on Twitter. 

He and a team of analysts are collaborating and attempting to track the hackers and are investigating the possibility of a second wave of attacks.

He told MailOnline earlier: 'The hackers were infecting anyone they could.

'But there is a good chance I might not be able to shut down the next one, because they could patch the method we used to disable it. 

'If the system has not yet been affected, there is a risk a new variant could affect them tomorrow.

'If they are already affected, it could lie dormant. Anyone turning their computers on could find all their files will be encrypted.' 

Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC), also warned there could be a fresh wave of victims on Monday.

He said: 'We have not yet seen Friday's attack reoccur, there's been no new wave of attacks.

'On Monday morning at the start of the new working week we can expect, it's likely that successful attacks from Friday that haven't yet become apparent will become apparent.

'And also existing known infections can spread, we can't say what scale the new cases will occur at but it's likely there will be some.' 

The Metropolitan Police is still using outdated software Windows XP, which is 15 years old and has been branded 'obsolete', leaving systems more vulnerable to attacks

A number of hospitals in England and Scotland were forced to cancel procedures after dozens of NHS systems were brought down in Friday's attack.

Medical staff reported seeing computers go down 'one by one' as the attack took hold, locking machines and demanding money to release the data.

Around a fifth of trusts were hit amid concerns networks were left vulnerable because they were still using outdated Windows XP software.

The apparent chink in the NHS's defences led to criticism of the Government and NHS bosses, with the Liberal Democrats demanding an inquiry takes place.

Speaking after a Cobra meeting on Saturday, Home Secretary Amber Rudd admitted 'there's always more' that can be done to protect against viruses.

She said: 'If you look at who's been impacted by this virus, it's a huge variety across different industries and across international governments.

'This is a virus that attacked Windows platforms. The fact is the NHS has fallen victim to this.

'I don't think it's to do with that preparedness. There's always more we can all do to make sure we're secure against viruses, but I think there have already been good preparations in place by the NHS to make sure they were ready for this sort of attack.'

Labour's shadow health secretary, Jonathan Ashworth, in a letter to Mr Hunt, said concerns were repeatedly flagged about outdated computer systems.

Speaking to Robert Peston, he demanded that the Conservatives publish the Department of Health's risk register to see how seriously they were taking IT threats. 

MalwareTech - who lives at home in the south of England with his mother and father - spotted a loophole in the code that meant he could block the virus.

He says he inadvertently halted the ransomware just hours after hearing news of a cyber attack on the NHS while out for lunch with a friend while on a week off from his job at an information security company.

But speaking exclusively to MailOnline, the computer expert revealed yesterday that cyber attackers are working to bring down the 'emergency stop' which is halting the virus from spreading in a bid to infect millions more across the globe.

He said: 'We've actually been getting attacks today - we don't think it's the actual group who were spreading the malware but another group is trying to attack us so the infections resume.

Cyber security worker @MalwareTech exploited a loophole by spending £8 to register the domain name the virus tries to connect to when infecting a new computer, causing a 'kill switch' to activate

He confirmed the block on the virus was an accident because he did not realise registering the website would work

The cyber expert, who goes by the username MalwareTechBlog online, continued: 'Obviously they haven't actually been successful, but had they been that would actually be quite a serious thing and it wouldn't really be something to laugh about.'

The security worker spent £8 registering the domain name the virus tries to connect with when it infects a new computer and pointed it at a 'sinkhole server' in Los Angeles.

It caused the malicious software to enact an 'emergency stop', immediately halting its spread - but at first the cyber expert feared he had actually made the virus epidemic worse.

Speaking of the moment he stopped the virus, the anti-malware expert told MailOnline: 'It should have been really nice but someone had made a mistake and told me that our registering of the domain actually caused the infection.

'When I found out that it was actually the opposite it was more a relief.

'Rather than a feeling of 'yes, we've done this' - it was like 'oh god, I haven't f***** up the world, so that's really great'.'

The virus infection resulted in a ransom message appearing on screens across the German rail network creating 'massive disturbances'

He revealed that he has been in touch with the government's National Cyber Security Centre about the fix - and that to say thank you his bosses have given him another week off work, which he plans to spend surfing.

He said: 'I was trying to avoid doing work for a week, doing odd jobs around the house, but I just got pulled back in.

'I don't really want anything, I just want to get back to my job really. My boss rewarded my with a new week off to replace my not-really week off.' 

But the 22-year-old does not believe the attack was specifically targeted at the NHS - rather that the health service 'happened to be vulnerable' and got 'caught in the crosshairs'.

Nevertheless he says it is 'a serious thing and there is a real risk to real people's health if you're shutting down hospital systems.'

One Twitter user posted this picture of computers in their university lab that were infected with the ransomware - it has wreaked havoc after spreading quickly around the globe

The young self-taught expert said he initially became interested in computers at the age of 11 when his mother and father installed parental control software on their family machine.

He set about working out how to get around the filters sparking a long interest in information security that got him his first job in the industry 10 years later in September last year.

MalwareTechBlog said: 'It was a bit 'red and blue wire' thing - but more fumbling about trying to figure out if the registering of the domain caused the infections or stopped them.'

He also issued advice for people who are infected - or those who are concerned that their computers could get the malware.

He said: 'The people who're already infected, there's not really much you can do. You can potentially pay the ransom but I don't know if this one will decrypt the files yet. 

The blogger warned vulnerable users to update their system and said the code could always be changed and the virus could start spreading again

This map released by cybersecurity experts, shows the impact of the ransomware around the world - with blue dots showing where attacks have been made. Russia is thought to be the worst affected, while Taiwan fears being the victim of a second wave. Europe was targeted first, meaning there were fewer incidents in the US because companies were able to prepare themselves better

Speaking about his temporary halt, @MalwareTechBlog said: 'Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading,'

The anonymous researcher warned however that people 'need to update their systems ASAP' to avoid a fresh attack.

He added: 'The crisis isn't over, they can always change the code and try again.' 

@MalwareTechBlog added: 'I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.

But computers already affected will not be helped by the solution.

'So long as the domain isn't revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.' 

Forcepoint Security Labs said in a Friday statement that the attack had 'global scope' and was affecting networks in Australia, Belgium, France, Germany, Italy and Mexico.

Cyber attack Q&A: What happened, why are hospitals vulnerable and didn't the NHS know it was at risk? 

Cyber criminals have unleashed their most dangerous weapon on the NHS – 'ransomware'. CHIEF REPORTER SAM GREENHILL explains.

What happened?

At 1.30pm yesterday, NHS computers came under massive attack from cyber criminals threatening to destroy patient files unless they received a ransom. Staff found computers locked, with a warning that files had been scrambled to make them unintelligible. It gave a one-week deadline to pay up and recover the data – or see it deleted. In response, dozens of NHS Trusts shut down their IT systems – cutting off phone lines and medical machinery.

Who is affected?

At least 37 NHS Trusts have been attacked by the 'Wanna Decryptor' ransomware virus.

What is ransomware?

A malicious virus which infects devices and holds information hostage until a ransom is paid. It can be triggered by a staff member clicking on a link in a malicious email that may look innocent. The virus lies low until it is activated, either by a timer or remotely by the cyber gang.

Blackpool Victoria Hospital is one of many across the country hit - operations have been cancelled and ambulances diverted 

What are the cyber criminals demanding?

The ransom note warns: 'Do not waste your time. Nobody can recover your files without our decryption service.' It demands $300 (£230) worth of the digital currency bitcoins – per computer infected – within three days or the price doubles. If the ransom is not paid by Friday, the files will be wiped 'forever'.

What are bitcoins?

The controversial web currency, dubbed 'geek's gold', recently overtook the value of an ounce of gold. One bitcoin is worth £1,367. They are not physical coins and only exist in cyberspace. Users can remain anonymous, which is why they are often used for illegal activity.

Why are hospitals vulnerable?

Many NHS computers are running very out-of-date software which can have serious security flaws. At least ten health trusts still rely on the Windows XP operating system, released in 2001.

Why target hospitals?

This is viewed as 'unethical' by some hackers, but hospitals are increasingly being seen as easy targets who will pay up quickly because getting systems running is a matter of life and death.

Who are the prime suspects?

Sources said the attack pointed to a criminal network rather than a state. Security insiders have vowed that the Government will not pay a ransom. Hackers in Russia, China, Ukraine and Taiwan have been pioneering ransomware lately.

Didn't the NHS know it was at risk?

Almost a third of NHS trusts have been infected by ransomware, according to the latest edition of the British Medical Journal. Experts have been warning about the risk to the NHS for years. Last year the Papworth Heart Hospital in Cambridge was attacked, but fortunately, a backup had just been completed of its files, meaning the system could be rebooted and the data was safe. The IT director said: 'We were very, very lucky.'

How can attacks be prevented?

Software should be kept up to date. Anti-virus programs can also be used to 'clean' malicious software from a computer. 

Advertisement

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (£230) in Bitcoin, saying: 'Ooops, your files have been encrypted!'

It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, according to Kaspersky Lab, a Russian cybersecurity provider. 

Ransomware: How do hackers take your data hostage?

A Nissan spokesman told the Newcastle Chronicle staff were working to restore the multimillion pound factory to working order.

A spokesman said: 'Like many organisations, our UK plant was subject to a ransomware attack affecting some of our systems on Friday evening. Our teams are working to resolve the issue.'

It is understood production has still not resumed today, but that the plant was not operating at full capacity when the attack began.

The attack came at an embarrassing time for Prime Minister Theresa May after she pledged to make Britain the 'safest place to do business online' during campaigning for the General Election. 

Mrs May said: 'We want social media companies to do more to help redress the balance and will take action to make sure they do.

'These measures will help make Britain the best place in the world to start and run a digital business, and the safest place in the world for people to be online.'

Many are questioning where Health Secretary Jeremy Hunt is after he has so far remained silent on the crisis.

Shadow health secretary Jonathan Ashworth said concerns were repeatedly flagged about the NHS's outdated computer systems, which left it vulnerable to the virus.

WHO IS BEHIND THE ATTACK? 

It is currently unknown who the culprits are but it is understood criminal gangs will be investigated and it is likely Russia - which suffered the most from the attack - will form a large part of the inquiry. 

Russia has been the focus of several hacking investigations in recent months, with allegations from US sources of state-sponsored attempts to influence last year's US election.

Cyber spies Fancy Bears also operate out of Russia and have been involved in many recent hacking incidents including releasing details of athletes receiving therapeutic use of banned substances ahead of international competitions.

The identity of the culprits remains unknown but the EU's police agency Europol has launched a taskforce to investigate the crimes, with Russia expected to form a large part of the inquiry (file picture)

These included British cyclists Sir Bradley Wiggins and Chris Froome, both Tour de France winners, which showed they had been given exemptions to use banned drugs to treat asthma and allergies.

The spotlight could also fall on North Korea following claims from security experts last month that state-sponsored hackers targeted banks in 18 countries to steal funds to boost its nuclear programme.

A hacking operation known as Lazarus has targeted financial institutions in Europe, Central and South America, Africa, India and the Middle East, according to Russian researchers.

Cyber security firm Kaspersky Lab said it had obtained digital evidence that fuels suspicions that North Korea was involved in last year's $81 million cyber heist of the Bangladesh central bank's account at the Federal Reserve Bank of New York. 

According to the Guardian, the criminals behind the scam have only generated around $20,000 (£15,500) so far.

North Korea could also fall under the spotlight following accusations of state-sponsored hacking of 18 banks around the world last month. Pictured is leader Kim Jong-Un

Investigators Elliptic, a firm that works with law enforcement agencies to track illegal activity around online currency bitcoin, said it had identified a number of addresses for recipients of the funds, but was unable to identify them so far.

Co-founder Tim Robinson told the paper: 'In terms of identifying the attacker, what we can see at the moment is that around $20,000 worth of ransoms have been paid to these addresses.

'There are actually two versions of this malware, there was one that appeared in April and we've identified one bitcoin address associated with that, and there's a second version which appeared on Friday and we've identified three bitcoin addresses associated with that.

'These three addresses have received 8.2 bitcoins to date, which is about $14,000 dollars, and all of those bitcoins are still within those addresses. The ransomer hasn't withdrawn any of the funds yet so there's no opportunity to trace them.'

Advertisement

In a letter to Mr Hunt on Saturday he wrote: 'As Secretary of State, I urge you to publically outline the immediate steps you'll be taking to significantly improve cyber security in our NHS.

'The public has a right to know exactly what the Government will do to ensure that such an attack is never repeated again.' 

He added: 'NHS Trusts have been running thousands of outdated and unsupported Windows XP machines despite the Government ending its annual £5.5million deal with Microsoft, which provided ongoing security support for Windows XP, in May 2015.

'It effectively means that unless individual trusts were willing to pay Microsoft for an extended support deal, since May 2015 their operating systems have been extremely vulnerable to being hacked.'

Speaking to the BBC, Ms Rudd said no patient data had been 'stolen' but she could not confirm that all NHS files are backed-up, and 'hoped the answer was yes'.

She said: That is the instructions that everybody has received in the past. That is good cyber defence, but I expect, and we will find out over the next few days if there are any holes in that.'

She added: 'There may be lessons to learn from this but the most important thing now is to disrupt the attack, let's come back to afterwards whether there are lessons to be learned.'

Ms Rudd later told Sky News: 'It is disappointing that they have been running Windows XP - I know that the Secretary of State for Health has instructed them not to and most have moved off it.'

CYBER ATTACK ON NHS WAS 'ALWAYS GOING TO HAPPEN' 

Kingsley Manning, pictured, said it is not clear which organisation within the NHS 'has the responsibility for seeing that trusts' cyber security is fit for purpose'

An online attack on Britain's healthcare system was 'always going to happen', the former head of the body managing NHS cyber security said.

The Government has invested to protect against such an incident, ex-NHS Digital chairman Kingsley Manning said, but he added that it can be 'difficult' to ensure trusts spend on cyber security.

He described 'a patchwork of regulation' around who is responsible for making sure appropriate safeguards are in place.

Mr Manning told BBC Radio Four's PM programme: 'We were very well aware that this was a threat and indeed the Secretary of State and the Government has always seen it as being a threat.

'In fact we were investing and have been investing significant amounts of money in the anticipation that this sort of thing would happen. It was always going to happen.'

He added: 'There is also a patchwork of regulation in this area by comparison to, say, medical equipment or drugs.'

He said it is not clear which organisation within the NHS 'has the responsibility for seeing that trusts' cyber security is fit for purpose'.

In estimating that adequate systems for the health service could cost around £100 million each year, he said: 'In a world where every last £1 million of NHS spending is under severe scrutiny it is very difficult to get individual trusts, even if you provide the money centrally, to actually use that money for this purpose.'

Advertisement

She added: 'Where the patient data has been properly backed up, which has been in most cases, work can continue as normal because the patient data can be downloaded and people can continue with their work.'

But data released under the Freedom of Information Act in December suggested 90 per cent of NHS trusts are using outdated software Windows XP, which is 16 years old and has been branded 'obsolete', leaving systems more vulnerable to attacks.

Speaking to BBC Radio 4's Today programme, Ms Rudd added the virus had not been targeted at the NHS, saying the attack 'feels random in terms of where it's gone to and where it's been opened'.

She added: 'Windows XP is not a good platform for keeping your data as secure as the modern ones, because you can't download the effective patches and anti-virus software for defending against viruses.

'CQC (Care Quality Commission) does do cyber checks on the NHS trusts, on hospitals when they do their visits, and they will be advising NHS trusts to move to modernise their platforms and I think that after this experience, I would expect them all to move forward with modernising.' 

Labour leader Jeremy Corbyn branded the hackers 'unbelievably disgusting'.

He said: 'What we've now got is a bunch of 21st Century highway robbers that have hacked into our NHS and are basically offering protection money to get the information back in order to treat cancer patients or anybody else.

'It's unbelievably disgusting and I've got nothing but contempt for those people that have done it, and I'm sure all of you would share that.

'But I'm also very angry that in 2014, there was a one-year renewal of the protection system on the NHS systems which was not renewed after that and not renewed the year after that and so are systems are now not upgraded and not protected. As a result, we've got this dreadful situation that NHS workers are facing today.

'And so we obviously support our NHS workers but I tell you this, a Labour government would not leave our NHS's very vital information systems unprotected. We would protect them.' 

Speaking to Sky News, computer expert Lauri Love warned this may not be the end of the attack.

The Finnish-British national, who is accused of stealing data from the US government, said: 'I'm sad to say that this is probably only just beginning; administrators are in for a very difficult weekend,' he said.

'We should expect to see this in almost every country in the world.

'If you've been infected, not only have your files been encrypted and you're being held to ransom, but your machine is being used as a zombie to attempt to affect other machines on the internet.'

Labour leader Jeremy Corbyn, pictured in Lowestoft today, called the hackers '21st Century highway robbers'

Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC), said thousands of organisations have been affected in dozens of countries around the world.

'The picture is emerging that this is affecting multiple countries and sectors and is not solely targeted at the NHS,' he added.

'We are very aware that attacks on critical services such as the NHS have a massive impact on individuals and their families, and we are doing everything in our power to help them restore these vital services.

'It is important that organisations reduce the risks of these attacks happening to them.'

The NCSC has warned organisations to ensure security and anti-virus software is up to date and to back up important data.

National Crime Agency (NCA) investigators are working with NCSC experts to track down those behind the virus.

Oliver Gower, deputy director of the NCA cyber crime unit, said: 'This was a large-scale attack, but we are working closely with law enforcement partners and industry experts in the UK and overseas to support victims and identify the perpetrators.

'Cyber criminals may believe they are anonymous but we will use all the tools at our disposal to bring them to justice.

'Victims of cyber crime should report directly to ActionFraud. We encourage the public not to pay the ransom demand.'

Gang behind 'unprecedented' attack using 'atom bomb of malware' which has now spread to 130,000 systems in more than 100 countries are targeted by global task force

More than 100 countries across the world have been affected by the 'unprecedented' cyber attack using a computer virus 'superweapon' dubbed the 'atom bomb of malware'.

It is believed more than 130,000 IT systems are affected around the world, including hospitals in the UK, telecoms and gas firms in Spain, schools in China, railways in Germany and the FedEx delivery company.

The European Union's police agency, Europol, says it is working with countries hit by the ransomware scam to rein in the threat, help victims and track down the criminals.

The German rail system was also experiencing issues due to the ransomware. Photos surfaced on social media showing ticket machines at train stations having been affected

Several computers at a university in Italy were also randomly targeted in the cyber attack

In a statement, Europol's European Cybercrime Centre, known as EC3, said the attack 'is at an unprecedented level and will require a complex international investigation to identify the culprits.'

EC3 says its Joint Cybercrime Action Taskforce, made up of experts in high-tech crime, 'is specially designed to assist in such investigations and will play an important role in supporting the investigation.'

The attack, which has locked up computers and held users' files for ransom, is believed the biggest of its kind ever recorded.

Meanwhile Russia is believed to be the worst affected country with computers in its interior ministry hit and its second largest phone network - Megafon - also targeted.

Ticketing machines and computers at German railway stations have also been affected alongside Spanish companies including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural. 

Union members at French carmaker Renault say the global cyberattack has forced it to halt production at sites in France in an effort to stop the malware from spreading.

The two unionists spoke on condition of anonymity because of the sensitiveness of the issue.

They say the factory of Renault factory at Sandouville, in northwestern France, was one of the sites affected.

Hundreds of private users in Taiwan were also struck by the malware.

Deutsche Bahn in Germany said departure and arrival display screens at its stations were hit Friday night by the attack.

The railway said that there was no impact on actual train services. 

The head of Turkey's Information and Communication Technologies Authority or BTK says the nation was among those affected by the ransomware attack. 

Omer Fatih Sayan said the country's cyber security center is continuing operations against the malicious software.

The company said it deployed extra staff to busy stations to provide customer information, and recommended that passengers check its website or app for information on their connections. 

Heart surgery I waited ten months for was cancelled at the last minute because of the cyber attack, reveals patient

A heart patient told last night how his long-awaited operation was cancelled because of the cyber attack as he waited to go into the operating theatre.

Patrick Ward, 47, had travelled with his family from his home in Steeple, Dorset, to St Bartholomew's Hospital in Central London for open heart surgery.

He was due to have a septal myectomy, for which he had been waiting ten months.

The surgery involves removing part of the septum – a wall of tissue that separates part of the heart – which is obstructing the flow of blood.

 Patrick Ward, 47, had travelled with his family to St Bartholomew's Hospital in Central London for open heart surgery only to have the operation cancelled

After having his arms and chest shaved and a cannula inserted into the back of his hand, he was ready to go into theatre when his surgeon told him they had to cancel the operation.

'I was told at about 1.30 that there had been a cyber hack and we couldn't proceed today,' he said. 'Apparently if I needed a blood transfusion during the procedure they would need to access files on their database, which they can no longer do.

'They can't tell me when the next available slot is to reschedule, so we'll stay at a hotel in London tonight and head back to Dorset tomorrow.'

Mr Ward, a sales director for an ice cream company, said: 'It's a specialist operation so it could be a while before I get another appointment. What I have isn't life-threatening but it has impacted my life a lot. It's very restricting.

'I think this is one of the few hospitals that can do it, and they only do it on certain days which is why I've had to wait so long to get a date set. It prevents me from doing exercise and I get pains when I walk. I was hoping to be able to play football again after the operation.

'I was supposed to spend a week in hospital recovering. My daughter travelled from Liverpool today to spend the weekend with me.'

Emma Simpson and her son whose appointment was delayed after the attack

Emma Simpson took her son, Sebastian, to Whipps Cross University Hospital in Leytonstone, east London, for an X-ray on his broken toe but was sent home because of the cyber attack.

They had an appointment with an orthopaedic clinic to check that the toe was healing properly.

But when they arrived they were greeted by 'chaos' and told that computers would be down until 'at least Monday'.

'They sent us away and said they would call us with a new appointment,' she told ITV London. 'Lots of people were very disappointed.'

A woman with a suspected blood clot was turned away from the Lister Hospital in Stevenage, Hertfordshire.

Anthony Brett from Bow, east London, was about to have a stent put in his liver to treat his cancer when he was told the procedure could not happen

Janetts Douras originally went to the A&E department on Thursday with the suspected clot but was sent home after six hours and told to return yesterday for a CT scan.

But after an hour she was sent away again with medication that she must inject herself to thin her blood.

She was asked to come back on Monday but said: 'I can't see it happening.' 

RANSOMWARE: THE CYBER ATTACK THAT CRIPPLED THE WORLD

What is ransomware? 

Ransomware is a type of malicious software that criminals use to attack computer systems.

Hackers often demand the victim to pay ransom money to access their files or remove harmful programs.

The aggressive attacks dupe users into clicking on a fake link – whether it's in an email or on a fake website, causing an infection to corrupt the computer.

In some instances, adverts for pornographic website will repeatedly appear on your screen, while in others, a pop-up will state that a piece of your data will be destroyed if you don't pay.

In the case of the NHS attack, the ransomware used was called Wanna Decryptor or 'WannaCry' Virus. 

The WannaCry virus targets Microsoft's widely used Windows operating system and can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC

What is the WannaCry virus? 

The WannaCry virus targets Microsoft's widely used Windows operating system.

The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.

It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.

When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.

It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.

How to protect yourself from ransomware 

Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:

1. Use reputable antivirus software and a firewall

2. Back up your computer often

3. Set up a popup blocker

4. Be cautious about clicking links inside emails or on suspicious websites

5. If you do receive a ransom note, disconnect from the Internet

6. Alert authorities