A global cyber attack has forced a European carmaker to halt some production lines, hit Russian computers with more than half of suspected infections and struck Chinese schools and Indonesian hospitals, though it appears to be dying down.

Capitalising on spying tools believed to have been developed by the US National Security Agency, the cyber assault launched on Friday has infected tens of thousands of computers in 104 countries, with Britain's health system suffering the worst known disruptions.

READ MORE: Five steps to protect yourself against a global ransomware attack

Researchers with Czech Republic-based security software maker Avast said they had observed more than 126,000 ransomware infections, with 60 percent of infected computers located in Russia, followed by Ukraine and Taiwan.

'Ransomware' is malicious software that infects machines, locks them up by encrypting data and demands a ransom to restore access. (AAP)

Cyber extortionists tricked victims into opening malicious malware attachments to spam emails.

Once inside the targeted network, so-called ransomware made use of recently revealed spy tools to silently infect other out-of-date machines without any human intervention.

This, security experts said, marked an unprecedented escalation in the risk of fresh attacks spreading in the coming days and weeks.

The ransomware encrypted data on the computers and demanded payments randing from $406 to $812 to restore access.

The hackers, who have not come forward to claim responsibility or otherwise been identified, took advantage of a worm - or self-spreading malware - by exploiting a piece of NSA spy code known as "Eternal Blue".

Hospitals and doctors' surgeries in parts of England were forced to turn away patients and cancel appointments. (AAP)

The spy code was released last month by a group of hackers known as the Shadow Brokers, according to researchers with several private cyber security firms.

Renault said it had halted auto production at several sites including Sandouville in north-western France and plants of Renault-owned Dacia of Romania yesterday to prevent the spread of ransomware in its systems.

Nissan's manufacturing plant in Sunderland, north-east England, was also affected by the cyber assault though "there has been no major impact on our business", a spokesman for the Japanese carmaker said.

German rail operator Deutsche Bahn said some electronic signs at stations announcing arrivals and departures were infected, with travellers posting pictures showing some bearing a message demanding a cash payment to restore access.

Some experts said the threat had receded for now, in part because a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, and so limited the worm's spread.

Researchers are racing against the clock to try to decrypt infected computers and recover access to victims' files before the malicious code's ransom deadline expires in two days.

But so far several said they have found no way to break the encryption.

Finance ministers and central bank governors of seven leading world economies meeting for a G7 conference in Italy on Saturday will pledge stronger cooperation against cyber crime, a draft communique showed.

In Asia, some hospitals, schools, universities and other institutions were affected, though the full extent of the damage is not yet known.