An international manhunt is under way to find those responsible for a massive global cyberattack that hit as many as 100 countries.
Meanwhile, businesses around the world on May 13 said they were bolstering their defenses as experts said a lull in attacks might be just temporary.
The pace of attacks by the WannaCry "ransomware" slowed late on May 12, after having locked up at least 100,000 computers.
The instigators of the virus demanded computer owners pay $300 to $600 in Bitcoin to retrieve their encrypted data.
"It's paused, but it's going to happen again," Patrick McBride, an executive with cybersecurity firm Claroty, told Reuters news agency.
"We absolutely anticipate that this will come back."
Europol, Europe's police agency, said, "The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits."
The agency said a task force at its European Cybercrime Center was "specially designed to assist in such investigations and will play an important role in supporting the investigation."
The unprecedented cyberattack affected systems, including at banks, hospitals, and government agencies, in dozens of countries around the world -- with Russia, France, and Great Britain particularly hard hit.
In Britain, the attack disrupted National Health Service (NHS) facilities, forcing ambulances to divert and hospitals to delay operations. The NHS said on May 13 that almost all of its computers were back to normal operation.
The Russian Interior Ministry said some of its computers had been hit by a "virus attack." The country's banking system and railways were also hit, although no problems were detected.
Experts and government officials urged users not to give in to the hackers' demands.
"Paying the ransom does not guarantee the encrypted files will be released," the U.S. Department of Homeland Security's computer emergency-response team said.
"It only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information."
Computer experts said the virus spread quickly because it used a digital code believed to have been developed by the U.S. National Security Agency. The code was leaked as part of a hacked document dump, the experts said.
A cybersecurity researcher has been credited with slowing the ransomware after accidentally discovering a "kill switch" that could prevent the spread.
The researcher issued a tweet from the @MalwareTechBlog that said registering a domain name used by the malware stops it from spreading, although it would not help computers already affected.
