As many as 74 countries have been hit by a huge, fast-moving and global ransomware attack that locks computers and demands the digital equivalent of $300, according to Kaspersky Lab, a Russian-based cybersecurity company.
The infections have disabled more than a dozen hospitals in the United Kingdom, Spain's largest telecom company and universities in Italy as well as some FedEx computers. The payment was demanded per computer, to be paid in Bitcoin, an untraceable digital currency.
Infected computers showed a screen giving the user three days to pay the ransom. After that, the price would be doubled. After seven days the files would be deleted, it threatened.
The ransomware is believed to be linked to National Security Agency hacking tools that were leaked by a group that called itself the Shadow Brokers, according to Avast, a Czech security company that is following the fast-moving attack.
That group has been leaking pieces of more than a gigabyte worth of older NSA software weapons since August.
Avast has recorded over 50,000 attacks globally as of Friday afternoon. The majority are targeted at Russia, the Ukraine and Taiwan but have also hit multiple other countries.
Services in London, the central city of Nottingham, and the counties of Hertfordshire north of London and Cumbria in northern England were affected, according to the BBC. The NHS said 16 of its organizations reported they were victims.
The hackers behind the "ransomware" attack were demanding $300 worth of the online currency Bitcoin to release files from encryption, the Mirror and the Telegraph reported.
In a statement, the NHS said: "A number of NHS organizations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organizations. The investigation is at an early stage but we believe the malware variant is Wanna Decryptor."
"At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organizations to confirm this."
It said the attack was not specifically targeted at the NHS and was affecting other organizations. It said it was working to resolve the problem.