People walk past a Megafon mobile phones shop in Moscow, Russia, Saturday, May 13, 2017. A top Russian mobile operator said Friday it had come under cyberattacks that appeared similar to those that have crippled some U.K. hospitals. Pyotr Lidov, a spokesman for Megafon, said Friday's attacks froze computers in company's offices across Russia. (AP Photo/Ivan Sekretarev)
People walk past a Megafon mobile phones shop in Moscow, Russia, Saturday, May 13, 2017. A top Russian mobile operator said Friday it had come under cyberattacks that appeared similar to those that have crippled some U.K. hospitals. Pyotr Lidov, a spokesman for Megafon, said Friday's attacks froze computers in company's offices across Russia. (AP Photo/Ivan Sekretarev) Credit: Ivan Sekretarev

A global “ransomware” cyberattack had technicians scrambling to restore Britain’s crippled hospital network Saturday and secure the computers that run factories, banks, government agencies and transport systems in many other nations.

The worldwide effort to extort cash from computer users is so unprecedented that Microsoft quickly changed its policy, making security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses.

A malware tracking map showed “WannaCry” infections popping up around the world. Britain canceled or delayed treatments for thousands of patients, even people with cancer. Train systems were hit in Germany and Russia, and phone companies in Madrid and Moscow. Renault’s futuristic assembly line in Slovenia, where rows of robots weld car bodies together, was stopped cold.

In Brazil, the social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil’s Foreign Ministry also disconnected computers as a precautionary measure, and court systems went down, too.

Britain’s home secretary said one in five of 248 National Health Service groups had been hit. Home Secretary Amber Rudd said all but six of the NHS trusts were back to normal Saturday.

The U.K.’s National Cyber Security Center was “working round the clock” to restore vital health services, while urging people to update security software fixes, run anti-virus software and back up their data elsewhere.

Who perpetrated this wave of attacks remains unknown. Two security firms – Kaspersky Lab and Avast – said they identified the malicious software in more than 70 countries. Both said Russia was hit hardest.

And all this may be just a taste of what’s coming, cyber security expert Ori Eisen warned. Computer users worldwide should assume that the next big “ransomware” attack has already been launched, and just hasn’t manifested itself yet, according to Eisen, founder of Trusona cyber security firm in Scottsdale, Ariz.

The attack held hospitals and other entities hostage by freezing computers, encrypting data and demanding money through online bitcoin payments. But it appears to be “low-level” stuff, Eisen said Saturday, given the amount of ransom demanded – $300 at first, rising to $600 before it destroys files hours later.

He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems. “This is child’s play, what happened. This is not the serious stuff yet. What if the same thing happened to 10 nuclear power plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?” he asked.

This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the U.S., Ukraine, Brazil, Spain and India. Europol, the European Union’s police agency, said the onslaught was at “an unprecedented level and will require a complex international investigation to identify the culprits.”

The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes. The NSA tools were stolen by hackers and dumped on the internet.

It could have been much worse if not for a young cyber security researcher who helped to halt its spread by accidentally activating a so-called “kill switch” in the malicious software.

The 22-year-old Britain-based researcher, identified online only as MalwareTech, explained Saturday how he registered a garbled domain name he spotted in the code. His $11 purchase of the name on Friday activated the domain, which commanded the malware to stop spreading. It may have saved governments and companies millions of dollars and slowed the outbreak before U.S.-based computers were more widely infected.

Indeed, while FedEx Corp. reported that its Windows computers were “experiencing interference” from malware – it wouldn’t say if it had been hit by the ransomware – other impacts in the U.S. were not readily apparent on Saturday.

The kill switch couldn’t help those already infected, however. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup or living without them.