Europol said Saturday that the attack was of an "unprecedented level and requires international investigation." The ransomware, called "Wanna Cry," locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them.
The exploit was leaked last month as part of a trove of NSA spy tools. But computers and networks that hadn't updated their systems were still at risk.
Wannacry is a worm that spreads by exploiting vulnerabilities in the Windows operating system.
Once installed, it encrypts files and demands a payment to decrypt them. Wannacry is a worm that delivers a ransomware payload. A worm module used for self-propagation and a ransom module used for handling the ransom extortion activities.
Protect your employees anytime, anywhere, on any device with security designed specifically for small business.
There have been discussions of the threat being initially spread through email but this has not been confirmed.
Given the nature of the infection routine, it is possible that only a small number of targets may have been initially seeded with the worm and then the worm propagation routine continued to expand out the pool of compromised computers.
Wanna Cry is a threat composed of two main parts, a worm module and a ransomware module.
In China, the internet security company Qihoo360 issued a "red alert" saying that a large number of colleges and students in the country had been affected by the ransomware, which is also referred to as "Wanna Crypt." State media reported that digital payment systems at Petro China gas stations were offline, forcing customers to pay cash.
"Global internet security has reached a moment of emergency," Qihoo360 warned.