Up to 99 countries may have been affected by the ransomware cyberattack that has struck the NHS, according to some experts.

It is believed to be the biggest attack of its kind ever recorded.

Russia appeared to be the hardest hit nation, with its interior and emergencies ministries and biggest bank, Sberbank, saying they were targeted.

The interior ministry said on its website around 1,000 computers had been infected but it had localised the virus.

Spain, Ukraine and India were also severely affected, according to researchers from the Kaspersky Lab.


By the group's count, the malware struck at least 74 countries. However, researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, also citing Taiwan among the top targets.

:: Hackers' hitlist: Cyber criminals and their targets

Cyber security experts working 'round the clock'

Cyber security expert Varun Badwhar said the attack gave a glimpse of what a "cyber-apocalypse" would look like.

He said: "This is an unprecedented scale. We've never seen something spread this quickly in a 24-hour period across these many countries and continents.

"So it's definitely one of those things we've always heard about that could happen and now we're seeing it play out. It's really a cyber-apocalypse that we're seeing."

Mikko Hypponen, from tech firm F-Secure, called it "the biggest ransomware outbreak in history".

Chris Wysopal of the software security firm Veracode said criminal organisations were probably behind the attack, given how quickly the malware spread.

'Saviour' researcher: Cyberattack was amateur

"For so many organisations in the same day to be hit, this is unprecedented," he said.

Spain's Telefonica, a global broadband and telecommunications company, was among the companies hit.

Portugal Telecom and Telefonica Argentina both said they were also targeted.

International shipper FedEx Corp said some of its Windows computers were also infected.

"We are implementing remediation steps as quickly as possible," it said in a statement.

Lauri Love on hack: Expect to see this everywhere

Ransomware is malicious software that infects machines, locks them by encrypting data and then attempts to extort money to let users back in.

:: Ransomware explained - hacking for cash is on the rise

The software used in the latest attacks is called WannaCry, or Wanna Decryptor, and exploits a vulnerability in the Windows operating system.

It allows the malware to automatically spread across networks, so it can quickly infect large numbers of machines at the same organisation.

The Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access.

Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.

Spain took steps to protect critical infrastructure in response to the attack.

Authorities said they were communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack.

Telefonica said the attack was limited to some computers on an internal network and had not affected clients or services.

Image: Russia has been most affected by the attack. Pic: Securelist

In the US, the effect of the hack did not appear to be widespread, at least initially.

Hacking group Shadow Brokers reportedly released the malware last month, after claiming to have discovered the flaw from the US National Security Agency.