UPDATE: Ransomware that ripped through hundreds of thousands of Windows PCs worldwide on Friday was hobbled over the weekend thanks to a UK researcher, but it could see a resurgence this week if patches are not deployed.
Hospitals across the UK shut down their IT systems on Friday as they struggled to defend against a cyber attack that spread across Europe and Asia, freezing many computers and demanding ransom payments to unlock them.
Sixteen organizations affiliated with Britain's National Health Service report being affected, with one NHS IT worker telling the Guardian that the affected systems represent "the largest outage of this nature I've seen in the six years I've been employed with the NHS."
In a statement, the NHS said that its early investigations attributed the attack to a strain of malware known as the "Wanna Decryptor," a ransomware program that infects computers via a trojan virus and encrypts data stored on the local disk drive. No patient data was compromised, according to the NHS, which said that the attack appeared to target victims outside the healthcare industry as well.
Reports of healthcare IT system outages flooded Twitter and other social media sites on Friday afternoon. One healthcare worker tweeted a picture of a computer screen with a pop-up window from the Wanna Decryptor program that read "Oops, your files have been encrypted!" and included a instructions on how to send a $300 ransom payment.
Affected hospitals and other NHS facilities from London to Liverpool cancelled routine patient appointments and diverted ambulances to other nearby facilities that weren't affected, according to the Guardian. Britain's National Cyber Security Centre said it was aware of the attack and investigating.
Spanish telecom giant Telefonica and victims in eleven other countries, including Russia and Vietnam, suffered similar attacks, with many reporting the same demands for $300 ransom payments, according to the New York Times. There were no immediate reports of victims in the US.
The tool used, according to the Times, was leaked by a group known as the Shadow Brokers, which has posted stolen hacking tools linked to the NSA online.
Healthcare facilities are an attractive target for ransomware attacks because their computer systems have sensitive data and many have shown a willingness to pay the ransoms rather than spend extended amounts of time trying to unlock the data themselves. There are more than 20 ransomware-related data loss incidents per day in the healthcare sector, according to Intel Security.
NHS hospitals in particular are frequent targets. A ransomware attack last November took a hospital in the eastern English county of Lincolnshire offline for several days. In the US, meanwhile, hospitals in California and Kentucky paid attackers tens of thousands of dollars last year to free their computers from ransomware.
Editor's Note: This story was updated at 2:15 p.m. ET with aditional information.