A global cyberattack using ransomware, malicious code that locks down computers and files until users pay a ransom, that began Friday morning is now up to 75,000 attacks in 99 countries, according to cybersecurity company Avast.
The attack is mostly focused on Russia, Ukraine and Taiwan, but it also affected hospitals within the U.K.’s National Health Service, Spanish telecommunications company, Telefonica and many governments around the world.
The ransomware is known as WannaCry, and many outlets are reporting that it took advantage of a vulnerability in Windows that Microsoft patched earlier this year. A group called Shadow Brokers leaked stolen hacking tools used by an organization tied to the National Security Agency, and Avast contends that these tools were likely used in the ransomware attack.
Windows users who haven’t updated their systems since the patch became available remain at risk in this attack.
When a victim is hit by the ransomware, file extensions are changed to read “.WNCRY”. A ransom note is dropped into a text file, and a window titled “Wana Decrypt0r 2.0” pops up. The messages include the ransom demand, $300 in bitcoin, and instructions for recovering files. Along the side of the window are threats including a timeline of when users’ files will be lost and a deadline for an increased ransom price.