Hackers use leaked NSA bug in massive global cyber attack

Avast said the attacks began in Europe at 3 a.m. EDT and grew throughout the day, affecting the Spanish telecom giant Telefonica and other companies. The virus used by the hackers is variously known as WanaCrypt0r or .WNCRY, and first appeared in February, Avast said in a blog post.

Hackers spreading and implanting the malicious code demand $300 worth of bitcoins, an anonymous crypto-currency, in order to release a key to decrypt affected hard drives.

Avast said the ransomware may contain an exploit, or malicious tool, that escaped from the hands of the NSA.

"WanaCrypt0r 2.0 is most likely spreading on so many computers by using an exploit the Equation Group, which is a group that is widely suspected of being tied to the NSA, used for its dirty business. A hacker group called ShadowBrokers has stolen Equation Group's hacking tools and has publicly released them," Avast said in a blog post.

ShadowBrokers dumped what it described as NSA hacking tools, including one called EternalBlue, in mid-April.

Spain's official Computer Emergency Readiness Team said the ransomware attacks included software it described as "EternalBlue/DoublePulsar."

"An infection of just one computer can spread to the rest of a corporate network," it said in an emergency bulletin.

A prominent computer security expert, Chris Wysopa, who is co-founder of the application security company Veracode, in Burlington, Mass., said in a tweet that the WanaCrypt0r ransomware epidemic may be an indicator of how powerful some NSA hacking tools are.

"When you see the # of victims of ransomware attack using NSA's EternalBlue you realize how easy it was for them to penetrate adversaries," Wysopal tweeted.