The attack, boiling down to a computer virus that makes users' computers useless unless a payment is made to those who hacked their system, has prompt wide alarm around the globe.
Online security expert Brian Krebs says, "It remains unclear exactly how this ransomware strain is being disseminated and why it appears to have spread so quickly, but there are indications the malware may be spreading to vulnerable systems through a security hole in Windows that was recently patched by Microsoft".
The NY Times reports the ransomware used in this global attack appears to be one that was revealed after a hacker group published information taken from the NSA a few months ago.
Images that were posted online of the NHS pop-up look almost identical to pop-up ransomware windows that hit Spain's Telefonica, a powerful attack that forced the large telecom to order employees to disconnect their computers from its network and to resort to an intercom system to relay messages, according to the Bleeping Computer website.
"The lack of existence of this vulnerability doesn't really prevent the ransomware component from working".
The WannaCry malware encrypts the files and also drops and executes a decryptor tool. The "WannaCry" ransomware "locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them", CNN Money reports.
Lior Div of cyber security firm Cybereason tells McClatchy, "I believe this is the largest (global attack) in the effect it is having".
Some 85% of Telefónica's computers have reportedly been affected.
The NHS says at least 16 of its organizations have been hit by the ransomware.
Sweden's Timra municipality was struck by WannaCry Friday afternoon, Swedish public broadcaster SVT reported. They both said they had been hit by versions of the "WannaCry" ransomware - malicious software which encrypts the information on a device, then demands a ransom to return it.
The BBC understands up to 39 NHS organisations and some GP practices have been affected.
Spain's national computer response team, CN-CERT, issued an advisory about the attacks.
"I can see on our map that Denmark has been tried to be attacked in the first hours of the attack", Leif Jensen, director of IT security company Kaspersky's Nordic department, was quoted by Danish TV2 channel as saying.