IE 11 is not supported. For an optimal experience visit our site on another browser.

Huge Cyberattack Hits Nearly 100 Countries With 'Wanna Decryptor' Malware

A large-scale cyberattack affected nearly 100 countries and held tens of thousands of computers ransom.
Gillian Hamm, family doctor in England, received this message on her computer Friday.
Gillian Hamm, family doctor in England, received this message on her computer Friday.Gillian Hann via Twitter

Hospitals, schools, companies and governments around the world were assessing the damage Saturday after a massive cyberattack hit almost 100 countries, infecting computers with malware that demanded ransom payments.

No one has yet claimed responsibility for the worldwide attack, which some experts believe was inspired by a National Security Agency tool kit that was leaked last year.

Antivirus provider Avast reported that some 100,000 computers had been infected by the crippling malware and that the "WanaCrypt0r 2.0," as it is called, ransomware had been detected in 99 countries with Russia, Ukraine and Taiwan the top targets.

More than 20 British hospitals and major companies, including FedEx and Spain's largest telecom, were affected in Friday's hack. British Home Secretary Amber Rudd said 45 public health organizations had been hit and admitted that her officials had no idea who was behind the attack.

Auto makers Renault and Nissan were the latest multinationals to announce their computer systems had been compromised.

In Germany, customer information screens at railway stations were hit but there was no impact on services.

Image: TOPSHOT-GERMANY-WORLD-CYBER-SECURITY-ATTACKS
The cyberattack affected customer information displays in Germany on Saturday.P. GOETZELT / AFP - Getty Images

Russia's Interior Ministry also confirmed it had been hit, while Russia's central bank said it had thwarted the attack.

The malicious software — known as the Wanna Decryptor, or WannaCry — locks a system and its files from use unless money is paid to hackers.

The malware typically spreads through email phishing programs and had exploited a known bug in Microsoft Windows' operating system.

It is especially nasty because it acts like a worm — finding security holes in a computer to spread throughout a network.

Computer experts told NBC News that the leaked NSA tool kit demonstrated to the hackers how they could attack Windows systems. But they specified that whoever was behind the attack did not use an NSA ransomware tool as some media reports have suggested.

Andrew Komarov, chief intelligence officer for the cybersecurity firm InfoArmor, said there was no indication that either WannaCry or Friday's attack had anything to do with the NSA "or any other state-sponsored cyber offensive activities."

It was the size of the attack that shocked experts. "The scale of it — that's pretty unprecedented," Ben Rapp, the CEO of IT support company Managed Networks, told NBC News' British partner ITV News. "There's been a lot of ransomware in hospitals, but to see 16 hospitals, last time I looked, and reports of other people — this is probably the biggest ransomware attack we've seen."

Microsoft said it was pushing out automatic Windows updates to defend its clients from the malware.

The U.S. Department of Homeland Security said Microsoft released a patch to address the vulnerability in March and urged users to install it.

Whistleblower Edward Snowden blamed the NSA for the damage, tweeting: "If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened."

In a statement, FedEx said that it was "experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible."

The Memphis, Tennessee-based global delivery company did not immediately say whether a ransom was demanded for return of their computers' functions.

Spanish telecom giant Telefonica confirmed in a statement that a "cybersecurity incident" occurred Friday that affected the computers at its Madrid headquarters.

China's official news agency Xinhua said secondary schools and universities were hit, but did not say how many or identify them.

Gillian Hamm, family doctor in England, received this message on her computer Friday.
Gillian Hamm, family doctor in England, received this message on her computer Friday.Gillian Hann via Twitter

It could take days before some affected systems are cleaned up.

In a twist, a 22-year-old U.K. cybersecurity researcher, known online as MalwareTech, has been hailed as an "accidental hero" for halting the spread of the malware bug.

The researcher reportedly identified a domain name in the malware virus and purchased the site, which acted as a "kill switch", according to ITV News.

He told NBC News that he purchased the site to track the malware virus — not realizing it would stop it from spreading further.

It is not the first time ransomware has been used, and sometimes, hackers hit the jackpot: Last year, Hollywood Presbyterian Medical Center forked over $17,000 after suffering a ransomware attack.

Friday's demand — reportedly for $300 of digital currency Bitcoin — is relatively low, according to experts. "It's a small ransom," said Gene Spafford, founder and executive director emeritus of Purdue University's Center for Education and Research in Information Assurance and Security. "But if you set the price too high then many of their victims won't pay."

Spafford said ransomware typically targets those without strong security in place, such as home users and small companies.

The mayor of the small community of Timra, Sweden — population 10,000 — told Reuters it has "around 70" computers affected.