Last Friday, stolen NSA malware was used to attack hospitals, universities, and businesses around the world, ultimately hitting hundreds of thousands of computers in more than 150 countries, including the us, reaching what Europol-Europe's leading police agency-described as an "unprecedented level".
It exploited a vulnerability in the Windows operating system believed to have been developed by the National Security Agency, which became public last month.
"NCSC and NCA are working with Europol and other global partners to make sure we all collect the right evidence, which we need to do to make sure we have the right material to find out who has done this and we go after them".
The attack has also hit 150 countries around the world since Friday.
In the United Kingdom, the National Health Service has been forced to cancel operations today within its hospitals after computers used to share patients' test results and scans with doctors remain frozen.
Here's a look at how malware and ransomware work and what people can do if they fall victim to attacks.
"We haven't ruled out that this is a state attack", said Bossert.
"Roughly one-third of the desktop computers in China runs Windows XP, so the risk of infection is much higher".
The U.K. government's cyber office put it succinctly: "T$3 he way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks".
The indiscriminate attack was unleashed Friday, striking hundreds of thousands of computers worldwide by exploiting known vulnerabilities in older Microsoft computer operating systems.
After taking computers over, the virus displayed messages demanding a payment of $300 in virtual currency Bitcoin to unlock files and return them to the user.
"(There have been) remarkably few payments so far that we've noticed as we are tracking this, so most people are not paying this, so there isn't a lot of money being made by criminal organisations so far".
"We weren't able to ingest the threat vector, which was probably an email that contained this malicious code in it, or a link to malicious code, and as a outcome we were probably better protected than our European cousins".
Cyber security minister Dan Tehan confirmed an Australian organisation had been affected and told Sky News there are reports of two other instances where this software may have been used. The company stopped supporting it - meaning that it issued no more updates, to fix problems - in 2014. Do not enable macros, cybersecurity company Symantec says. Many of those victims will be businesses, including large corporations.
Meanwhile Europol's chief told the BBC the ransomware was created to allow "infection of one computer to quickly spread across the networks", adding: "That's why we're seeing these numbers increasing all the time".
Another government security official said no government systems were affected.
- Running Windows? How to protect against the big ransomware attack
- Spanish F1 GP: Daniel Ricciardo scores first podium finish for 2017
- Most UK patients saw no change on Monday after cyber attack - minister
- Oosthuizen, Stanley share lead at Players
- North Korea blasts off 'new type' of missile in Kusong
- Amazon introduces Alexa Calling and Messaging
- U.S. should not stockpile cyber weapons, Microsoft says
- Burr: No evidence so far of Trump campaign-Russia collusion
- Leonard's injury spotlights a debated and dangerous NBA play
- It's far from case closed on Trump, Russia