With the clock ticking on whether a global hacking attack would wipe out his data, Bolton Jiang had no intention of paying a 21st-century ransom.
Since a week ago, when the malware first struck, Jiang had been fixing and replacing computers at the electronics company where he works in Shanghai. Meeting the hackers' demands was a bother, he said, and there was no guarantee he would get his data back.
"Even if you do pay, you won't necessarily be able to open the files that are hit," he said. "There is no solution to it."
Tens of thousands of computer users around the world made the same decision, refusing to pay the anonymous hackers behind the ransomware attack known as WannaCry. The attackers had demanded that individuals pay up to $600 by Friday to regain control of their machines, or face losing their data.
As of Saturday, about 300 payments had been made, netting the hackers about $95,000 worth of the digital currency bitcoin, according to companies monitoring the hackers' payment accounts.
But the malicious software, which attacked versions of Microsoft's Windows software, exposed the widespread vulnerability of computers to such attacks and offered a peek at a new type of crime capable of being committed on a global scale.
The latest strain of ransomware was particularly troubling, security experts warned, because it was based on software stolen from the US National Security Agency that had been posted online last month. Law enforcement agencies in the United States and elsewhere have been searching for the WannaCry culprits, with attention focused on hackers linked to North Korea.
Even if the perpetrators are caught, the tools stolen from the agency are easy for anyone to use. They have already surfaced in other ransomware episodes and in stealthier attacks designed to steal passwords and spy on a computer's activities, said Gil Barak, a founder and the chief technology officer at Secdo, a security company based in Israel. "It could be used to achieve anything," Barak said.
New threats could emerge soon, given that the Shadow Brokers, the anonymous group that posted the first batch of NSA tools online, is promising to release more of the software - including malware that attacks routers, smartphones and current versions of Windows - every month.
Early estimates of what the virus could ultimately yield for those who unleashed it had ranged from the tens of millions to even hundreds of millions of dollars. Victims were given seven days to pay from when their computers were first infected, so the deadline will vary from case to case.
But the attackers are unlikely to act on their threat even after the deadline passes, said Zohar Pinhasi, chief executive of MonsterCloud, an internet security company. Instead, he predicted, they will increase the ransom to squeeze those who conclude they must have the data. "Maybe in a week, the number will jump to $10,000," he said.
Cybersecurity experts say they had developed a potential way to decrypt individual machines without having to pay ransom. The technique, however, depended on how long attackers had hijacked the infected computers, and required a high level of technical expertise.
Along with broad attacks in Europe, many of the estimated 200,000 computers hit by WannaCry were in Asia, where widespread use of pirated software has increased their vulnerability. Those affected, including hospitals, government offices and universities, have lost access to business information, term papers and even medical records.
Some victims have struck a defiant tone. The Japanese conglomerate Hitachi, which was identified in the news media as a victim, declined to confirm those reports Friday but said it had no intention of paying a ransom and that it expected to be fully secure against future attacks by Monday. Nissan Motor, another Japanese industrial giant, also said it would not pay a ransom.
Cybersecurity experts have generally advised those affected not to pay.
"It costs the perpetrators peanuts to carry out an attack like this," said Rafael Sanchez, an international breach response manager at Beazley, an insurer in London that has handled thousands of ransomware attacks for corporate clients. "And any ransom will only likely lead to more attacks," he added.
While some who paid ransom regained access to their files, according to the Finnish cybersecurity firm F-Secure, security analysts cautioned that there was no guarantee that all WannaCry victims would. The attackers listed only three addresses as payment destinations, making it difficult for them to determine which victims had paid, and therefore whose files to decrypt.
"It looks like the attackers had no intent in decrypting anything," said Tom Robinson, a founder of Elliptic, a company in London that tracks online financial transactions involving virtual currencies and helps organisations respond to digital attacks.
According to law enforcement agencies, paying ransom could leave victims vulnerable to being targeted again.
In Berhampur, a city of about 380,000 on India's eastern coast, two computers at the Berhampur City Hospital were hit by the WannaCry malware. Dr. Saroj Mishra, assistant health officer for the surrounding district of Ganjam, said that most of the data had been recovered, and that health officials had no intention of paying the hackers.
"We don't have the permission to pay the hackers," Mishra said. "There is no question of compromising."
In other cases, those affected simply cannot afford to pay.
In China, where pirated software is believed to have contributed to the spread of the ransomware, about 4,000 of the 40,000 institutions affected were educational establishments. On Chinese social media, many students reported being locked out of final term papers.
"The hacker asked for $300 to $600," said Zhu Huanjie, a college student in Hangzhou. "Average students can't afford that."
Mikko Hypponen, chief research officer at F-Secure, said that the total amount of ransom that had been paid remained relatively low because large organisations - many with detailed data retrieval plans - were the main victims of the attack.
Such preparations, he added, meant that while the daily activities of such organisations had been severely hamstrung in recent days, most had already replaced the affected data.
New York Times