Hospitals, companies, universities and governments across at least 150 countries were hounded by a cyberattack that locked computers and demanded ransom.
It’s one of the largest attacks ever carried out. The attack hit more than 200,000 victims, according to Europol. That number has grown since Friday, when attacks were first reported.
Experts have said they expect that number to pop on Monday when people return to work and fire up their computers. And Europol said Sunday that a new strain of the ransomware had been discovered.
“We will get a decryption tool eventually, but for the moment, it’s still a live threat and we’re still in disaster recovery mode,” Europol director Rob Wainwright said on CNN.
Exactly which computers were are being targeted remains fuzzy — but here’s who we know has been impacted so far.
FedEx: The company said it was “experiencing interference with some of our Windows-based systems caused by malware” and was trying to fix the problems as quickly as possible.
Nissan: The carmaker said in a statement that “some Nissan entities were recently targeted” but “there has been no major impact on our business.”
Colleges: Internet security firm Qihoo360 issued a “red alert” over the weekend, saying a large number of colleges and students in China had been hit by the ransomware attack.
Gas stations: State-run media in China reported that some gas stations saw their digital payment systems shut down, forcing customers to bring cash.
Deutsche Bahn: The German railway company told CNNMoney that due to the attack “passenger information displays in some stations were inoperative” as were “some ticket machines.”
Russian Central Bank: State media agency Tass reported the bank discovered malware bulk emails to banks but detected no compromise of resources. The central bank reportedly said those monitoring the cyberattacks found “no incidents compromising data resources of banking institutions.”
Russian Railways: State media said a virus attacked the IT system of Russian Railways, but it did not affect operations due to a prompt response. The company said the virus has been localized and “technical work is underway to destroy it and update the antivirus protection.”
Interior Ministry: The Russian Interior Ministry acknowledged a ransomware attack on its computers, adding that less than 1% of computers were affected. The statement said antivirus systems are working to destroy it.
Megafon: A spokesperson for Russian telecommunications company Megafon told CNN that the cyberattack affected call centers but not the company’s networks. He said the situation was under control.
Telefónica: Spanish authorities confirmed the Spanish telecom company Telefónica ( was one of the targets, though the attack affected only some computers and did not compromise the security of clients’ information. )
National Health Service: At least sixteen NHS organizations have been hit, according to NHS Digital. “At this stage, we do not have any evidence that patient data has been accessed. We will continue to work with affected (organizations) to confirm this,” the agency said. The NHS has said hospitals have had to cancel some outpatient appointments because of the attack.
The UK government called a meeting of its crisis response committee, known as Cobra, to discuss how to handle the situation. The British Home Secretary said most of the NHS systems were back to normal by midday Saturday.
CNNMoney (New York) First published May 13, 2017: 1:55 PM ET