(Adds details, quotes from military official)
By Andrea Shalal
BERLIN, May 15 (Reuters) - The German federal cyber agency, BSI, on Monday said it was aware of additional German institutions affected by the WannaCry "ransomware" cyber attack beyond those companies already known, and it expected additional variants of the virus to surface.
BSI President Arne Schoenbohm urged companies hit by the virus to report attacks through normal confidential channels and avoid payments to hackers under any circumstances.
"WannaCry is another urgent wakeup call to invest more in IT security," Schoenbohm said in a statement, saying German government networks were not affected, but some German companies still needed to improve their security.
He said the infections had not increased this week but urged companies to install a Microsoft patch that had been available for months.
German rail operator Deutsche Bahn said on Saturday that its systems were infected by a global cyber attack that caused computer turmoil in nearly 100 countries over the weekend and rolled into Asia on Monday.
Cyber attackers used ransomware to encrypt data on the computers, demanding payments of $300 to $600 to restore access. Victims were tricked into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
Schoenbohm discussed the latest attacks and international coordination efforts with his counterparts from Austria, Switzerland and Luxembourg in Bonn on Monday, the BSI said.
Germany was the 13th most affected country in the attack, Schoenbohm said, noting that various defensive measures undertaken in recent years were paying off.
"But we can't give an all-clear. The ransomware remains in circulation and is spreading in Germany," he said. "We expect the perpetrators and copycats to continue to unleash new variants."
Konstantin von Notz, a Greens lawmaker and member of the parliamentary committee that oversees digitalisation, said Germany urgently needed to clarify which government agency would respond in the event of a major attack.
German officials are studying the issue and will make initial recommendations in July, government sources said.
Von Notz said it was not clear who was behind the latest attacks, but they involved software tools that had previously been under the control of the U.S. National Security Agency.
He criticised the German government for buying software flaws on the black market and using them to conduct espionage instead of fixing them.
"That carries with it massive dangers," he said. "These back doors that (the government) is using can also be used by criminals and enemy intelligence agencies."
Roland Obersteg, a top officer with Germany's new military cyber command, told a conference hosted by the German newspaper Tagesspiegel that it was imperative for more companies to report cyber attacks so authorities could better track threats. He also called it "illusory" to think that the German military would be able to respond immediately to a cyber attack by shutting down an enemy server.
"We need three to nine months to plan, program and prepare for such an action," he said. "That's not done overnight."
Both von Notz and Obersteg said Germany should adopt uniform cyber security standards for government and the private sector. (Reporting by Andrea Shalal; Editing by Michael Nienaber, Larry King)