Pyotr Lidov, a spokesman for Megafon, said Friday's attacks froze computers in company's offices across Russian Federation.
On Friday, the world was hit by one of the biggest cyberattacks in recent history.
In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained. According to a Twitter account that monitors those accounts, they've received only about 250 payments worth a total of slightly more than $72,000. But many corporations don't automatically update their systems, because Windows updates can screw up their legacy software programs. The ransomware was created to repeatedly contact an unregistered domain in its code.
In a tweet on Saturday, the anonymous cyber specialist/researcher acknowledged that he initially did not know that his action would help stop the malware.
"Thankfully some researchers are already registering the new domains as they identify them", AlienVault researcher Chris Doman says. It gives incentives to hackers and pays for future attacks.
Although the sinkholing of the WannaCrypt domain has been successful, MalwareTech warned the measure will only provide temporary relief as the worm authors - or copycats - could release a new variant with modified code.
Europol said on Monday it was continuing to hunt for the culprits behind the unprecedented attack.
A GLOBAL cyber attack that has struck computers across Europe and Asia is believed to have infected its first Australian business, the federal government says. Shortly after that disclosure, Microsoft announced that it had already issued software "patches", or fixes, for those holes - but many users haven't yet installed the fixes or are using older versions of Windows.
Computers and networks that hadn't recently updated their systems are still at risk because the ransomware is lurking.More news: Harry Styles on his sexuality: 'I shouldn't have to explain myself'
The attacks exploited the computers because they were running outdated versions of Microsoft's Windows operating system.
Given the scope of the attack, relatively few people appear to have actually paid the ransom. It appears to have hit first in Britain, where it effectively shut down parts of the National Health Service. The BBC quoted one NHS staffer who said it was "absolute carnage" and that "patients will nearly certainly suffer and die because of this". In March, Microsoft patched the vulnerability that the ransomware exploits - but only for newer Windows systems. "If even 1% paid the ransom that would be $6,00,000".
Colleges: Internet security firm Qihoo360 issued a "red alert" over the weekend, saying a large number of colleges and students in China had been hit by the ransomware attack.
"For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010". Two big telecom companies, Telefónica of Spain and Megafon of Russian Federation, were also hit.
"Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails" or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.
Ransomware is a program that gets into your computer, either by clicking on the wrong thing or downloading the wrong thing, and then it holds something you need to ransom.
"The operating systems on our computers and software downloads are managed centrally so that regular users can not download executable files from the internet without administrative rights", he said in an email. "We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally", the department said.
Security experts said his move bought precious time for organizations seeking to block the attacks. The statement said antivirus systems are working to destroy it. Here's how to turn automatic updates on.
A Jakarta hospital said on Sunday that the cyber virus had infected 400 computers, disrupting the registration of patients and finding records. Soon after the leak, hackers infected thousands of vulnerable machines with a backdoor called DOUBLEPULSAR.