A British cyber security researcher on Saturday accidentally discovered a "kill switch" that could prevent the spread of the unprecedented ransomware that hit companies and hospitals in more than 100 countries.
The researcher, tweeting as @MalwareTechBlog, said registering a domain name used by the malware stops it from spreading, though it cannot help computers already affected.
"If you have anything to patch, patch it," the researcher said in a blog post. "Now I should probably sleep."
Some experts said the threat had receded for now, in part because of the researcher's discovery, which only costed him 11 US dollars.
"We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain," Vikram Thakur, principal research manager at Symantec, said as the threat subsided.
The researcher tweeted about his discovery. /Twitter Photo
Researchers are racing against the clock to try to decrypt infected computers and recover access to victims' files before the malicious code's ransom deadline expires in two days. But so far several said they have found no way to break the encryption.
The attackers may yet tweak the code and restart the cycle.
The researcher in Britain widely credited with foiling the ransomware's proliferation told Reuters he had not seen any such tweaks yet, "but they will (happen)."
Manhunt for hackers begins
International investigators began a manhunt Saturday for those behind the cyberattack, as security experts sought to contain the fallout.
"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol, Europe's police agency.
Europol said a special task force at its European Cybercrime Center was "specially designed to assist in such investigations and will play an important role in supporting the investigation".
The ransomware has been identified as WannaCry - here shown in a safe environment on a security researcher's computer. /Reuters Photo
G7 finance ministers meeting in Italy vowed to unite against cybercrime, as it represented a growing threat to their economies and should be tackled as a priority.
The danger will be discussed at the G7 leaders' summit next month. In Britain, the attack disrupted care at National Health Service facilities, forcing ambulances to divert and hospitals to postpone operations.
"There will be lessons to learn from what appears to be the biggest criminal cyberattack in history," UK Interior Minister Amber Rudd said.
"But our immediate priority as a government is to disrupt the attack, restore affected services as soon as possible, and establish who was behind it so we can bring them to justice."