Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too hard to patch without possibly disrupting crucial operations, security experts said.
Although the spread of a "ransomware" that locked up more than 200,000 computers in over 150 countries had slowed, the respite might only be brief as there could be new havoc on Monday when employees return to work, cyber-security experts said, according to Reuters.
His concerns were echoed by James Clapper, former director of national intelligence under President Barack Obama.
But the big second-wave outbreak that many feared they would see when users returned to their offices Monday morning and switched their computers back on failed to materialize.
"The latest count is over 200,000 victims in at least 150 countries".
So far, not many people have paid the ransom, said Jan Op Gen Oorth, a spokesman for Europol, the European police agency.
The virus took control of users' files, demanding payments; Russian Federation and the United Kingdom were among the worst-hit countries.
Tehan declined to provide details on the three affected companies, but said the first Australian company reported as hit was not "a government organization or a hospital or anything like that".
Chinese media reported Sunday that students at several universities were hit, blocking access to their thesis papers and dissertation presentations.
Smith's blog post did not address another factor in the ransomware's spread, one that hints at the difficulty of uniting against a hacking attack: Users of pirated Microsoft software are unable to download the security patch, forcing them to fend for themselves or rely on a third-party source for a solution. That affordable move redirected the attacks to MalwareTech's server, which operates as a "sinkhole" to keep malware from escaping.
"The software has actually stopped spreading across the world", he told CNN.
"We've never seen anything like this", he said.
Update your antivirus software.
French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, while FedEx said it was "implementing remediation steps as quickly as possible". "It should just be a case of making sure installing updates is enabled, installing the updates, and reboot".
The attacks exploit a vulnerability in outdated versions of Microsoft Windows that is particularly problematic for corporations that don't automatically update their systems.
The culprits used a digital code believed to have been developed by the US NSA - and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.
Experts say this vulnerability has been understood among experts for months, yet too many groups failed to take it seriously.
Investigators are working to track down those responsible for the ransomware used on Friday, known as Wanna Decryptor or WannaCry.
Short of paying, options for those already infected are usually limited to recovering data files from a backup, if available, or living without them.
British cybersecurity expert Graham Cluley doesn't want to blame the NSA for the attack.
People who have GP appointments should turn up as normal unless they are contacted directly and told not to. "But there's clearly some culpability on the part of the US intelligence services. Because they could have done something ages ago to get this problem fixed, and they didn't do it".