All told, several cybersecurity firms said they had identified the malicious software responsible for tens of thousands of attacks in more than 60 countries, including the United States, though its effects in the US did not appear to be widespread, at least in the initial hours.
Kurt Baumgartner, principal security researcher at Kaspersky, says the malware has translations in dozens of languages, such that instructions for paying the ransom are displayed in the language set for that computer. The attack appeared to exploit a vulnerability purportedly identified for use by the U.S. National Security Agency and later leaked to the internet. Russian Interior Ministry, which runs the national police, said the problem had been "localized" with no information compromised.
Other targets in Europe included Telefónica, the Spanish telecom giant and a local authority in Sweden, which said about 70 computers were infected. Train systems were hit in Germany and Russian Federation, and phone companies in Madrid and Moscow.
The security loopholes were disclosed several weeks ago by the group The Shadow Brokers. But many companies and individuals haven't installed the fixes yet, or are using older versions of Windows that Microsoft no longer supports and didn't fix.
It said 16 NHS organizations had reported being hit.
"For so many organisations in the same day to be hit, this is unprecedented", he said.
The home secretary said Britain's National Cyber Security Centre was working with the country's health service to ensure the attack was contained, while the National Crime Agency was working with them to find out where it came from.
The spokesman, Jan Op Gen Oorth, declined to give further details Friday so as not to jeopardize the ongoing investigations.More news: Lewis Hamilton faster than Valtteri Bottas in Spanish Grand Prix first practice
"We're not able to tell you who's behind the attack".
Romania's intelligence service says it has intercepted an attempted cyberattack on a government institution which it said likely came from cybercriminal group APT28 also known as Fancy Bear.
"It's an worldwide attack and a number of countries and organizations have been affected", she said.
A top Russian mobile operator says it has come under cyberattacks that appeared similar to those that have crippled some United Kingdom hospitals. Xinhua state news agency said some secondary schools and universities were hit. He said that mobile communications haven't been affected.
East and North Hertfordshire NHS Trust, which runs hospitals in an area north of London, said "the trust has experienced a major IT problem, believed to be caused by a cyberattack".
Hospitals across the country have been hit by a "ransomware" attack that froze computers, shutting wards, closing emergency rooms and bringing treatment to a halt.
Similar widespread attacks have been reported in Spain and other countries.
Indeed, while FedEx Corp. reported that its Windows computers were "experiencing interference" from malware - it wouldn't say if it had been hit by the ransomware - other impacts in the USA were not readily apparent on Saturday. Targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate the quarry's systems.More news: 'Bosz babes' Ajax take cut-price route to Europa League final
Spain's Telefonica was among the companies hit.
Government computers in the northern Swedish municipality of Timra were also affected, officials said.
The U.S. Department of Homeland Security issued a warning Friday night urging Windows users to update all systems to include the latest patches and software update and not to click or download any unknown links.
Microsoft issued a security update on March 14 about vulnerabilities in the Windows system.
NHS Digital, which oversees hospital cybersecurity, says the attack used the Wanna Decryptor variant of malware, which holds affected computers hostage while the attackers demand a ransom.
"We are very aware that attacks on critical services such as the NHS have a massive impact on individuals and their families, and we are doing everything in our power to help them restore these vital services", said Ciaran Martin, the body's chief executive. Routine appointments were being canceled. A large cyberattack crippled computer systems at hospitals across England on Friday, with appointments canceled, phone lines down and patients turned away.
Home Secretary Amber Rudd, who is to chair an emergency COBRA meeting to discuss the crisis later, could not confirm if all patient files had been backed up.
Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 worth of the online currency Bitcoin, saying: "Ooops, your files have been encrypted!"More news: Engineer charged in deadly Amtrak crash