As of Friday evening in New York, about 300 payments had been made, netting the hackers about $95,000 worth of the digital currency Bitcoin, according to companies monitoring the hackers’ payment accounts.
But the malicious software, which attacked versions of Microsoft’s Windows software, exposed the widespread vulnerability of computers to such attacks and offered a peek at a new type of crime capable of being committed on a global scale.
The latest strain of ransomware was particularly troubling, security experts warned, because it was based on software stolen from the United States National Security Agency that had been posted online last month. Law enforcement agencies in the United States and elsewhere have been searching for the WannaCry culprits, with attention focused on hackers linked to North Korea.
Even if the perpetrators are caught, the tools stolen from the agency are easy for anyone to use. They have already surfaced in other ransomware episodes and in stealthier attacks designed to steal passwords and spy on a computer’s activities, said Gil Barak, a founder and the chief technology officer at Secdo, a security company based in Israel. “It could be used to achieve anything,” Mr. Barak said.
New threats could emerge soon, given that the Shadow Brokers, the anonymous group that posted the first batch of N.S.A. tools online, is promising to release more of the software — including malware that attacks routers, smartphones and current versions of Windows — every month.
Early estimates of what the virus could ultimately yield for those who unleashed it had ranged from the tens of millions to even hundreds of millions of dollars. Victims were given seven days to pay from when their computers were first infected, so the deadline will vary from case to case.
But the attackers are unlikely to act on their threat even after the deadline passes, said Zohar Pinhasi, chief executive of MonsterCloud, an internet security company. Instead, he predicted, they will increase the ransom to squeeze those who conclude they must have the data. “Maybe in a week, the number will jump to $10,000,” he said.
Cybersecurity experts said on Friday that they had developed a potential way to decrypt individual machines without having to pay ransom. The technique, however, depended on how long attackers had hijacked the infected computers, and required a high level of technical expertise.
Along with broad attacks in Europe, many of the estimated 200,000 computers hit by WannaCry were in Asia, where widespread use of pirated software has increased their vulnerability. Those affected, including hospitals, government offices and universities, have lost access to business information, term papers and even medical records.
Some victims have struck a defiant tone. The Japanese conglomerate Hitachi, which was identified in the news media as a victim, declined to confirm those reports on Friday but said it had no intention of paying a ransom and that it expected to be fully secure against future attacks by Monday. Nissan Motor, another Japanese industrial giant, also said it would not pay a ransom.
In Britain, where the National Health Service was among the largest organizations affected by the ransomware, some medical institutions were still struggling to get back to normal.
Barts Health, one of the country’s largest hospital groups, said that it had been forced to cancel 20 percent of outpatient appointments, and to cut back on nonemergency surgeries.
Yet cybersecurity experts have generally advised those affected not to pay.
“It costs the perpetrators peanuts to carry out an attack like this,” said Rafael Sanchez, an international breach response manager at Beazley, an insurer in London that has handled thousands of ransomware attacks for corporate clients. “And any ransom will only likely lead to more attacks,” he added.
While some who paid ransom regained access to their files, according to the Finnish cybersecurity firm F-Secure, security analysts cautioned that there was no guarantee that all WannaCry victims would. The attackers listed only three addresses as payment destinations, making it difficult for them to determine which victims had paid, and therefore whose files to decrypt.
“It looks like the attackers had no intent in decrypting anything,” said Tom Robinson, a founder of Elliptic, a company in London that tracks online financial transactions involving virtual currencies and helps organizations respond to digital attacks.
According to law enforcement agencies, paying ransom could leave victims vulnerable to being targeted again.
In Berhampur, a city of about 380,000 on India’s eastern coast, two computers at the Berhampur City Hospital were hit by the WannaCry malware. Dr. Saroj Mishra, assistant health officer for the surrounding district of Ganjam, said that most of the data had been recovered, and that health officials had no intention of paying the hackers.
“We don’t have the permission to pay the hackers,” Dr. Mishra said. “There is no question of compromising.”
In other cases, those affected simply cannot afford to pay.
In China, where pirated software is believed to have contributed to the spread of the ransomware, about 4,000 of the 40,000 institutions affected were educational establishments. On Chinese social media, many students reported being locked out of final term papers.
“The hacker asked for $300 to $600,” said Zhu Huanjie, a college student in Hangzhou. “Average students can’t afford that.”
Mikko Hypponen, chief research officer at F-Secure, said that the total amount of ransom that had been paid remained relatively low because large organizations — many with detailed data retrieval plans — were the main victims of the attack.
Such preparations, he added, meant that while the daily activities of such organizations had been severely hamstrung in recent days, most had already replaced the affected data.
Muddying the efforts to catch those behind the initial cyberattack, copycats have also emerged.
Xu Hengyu, the information technology manager of Renxing Pictures, a Shanghai entertainment company, said the firm had intended to send more than $720 to hackers threatening to delete two months’ worth of data.
But Mr. Xu said that when he tried to negotiate the price down, the hackers told him he could wire the money to a Chinese bank account in local currency rather than Bitcoin. Mr. Xu said he was unsure whether the hackers were the same as those behind the WannaCry attack.
“We thought about reporting to the police, but we haven’t so far,” he said. “We thought if this problem could be solved by the direct payment, we’d rather stay that way and not go to the police, as the police must already have many cases.”
He added, “We still prioritize data recovery over everything else.”