Researcher 'accidentally' stops spread of 'unprecedented' global cyberattack

A British researcher unexpectedly found and activated a "kill switch" to an "unprecedented" ransomware cyberattack that hit hundreds of thousands of computers around the globe at hospitals, government offices, transportation systems and major companies, including FedEx.

But even with the spread of the malicious software at least temporarily halted, researchers warned that another cyberattack could be imminent and the next one could target the United States.

"Currently the spreading of the ransomware is slowed down dramatically because a researcher found a logic bug in the malware, not because the companies around the world are having good security practice," Matt Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates, told ABC News on Saturday.

Suiche said the cyberattackers could soon release a new update to the malware, making it more robust and resuming the global infection.

"I'd even say this update probably already happened," he added.

FedEx, other US companies targeted

FedEx was among the many companies worldwide hit by the sophisticated cyberattack that used leaked tools of the U.S. National Security Agency.

A FedEx spokesperson confirmed to ABC News that the U.S.-based international shipper is among the victims of the global cyberattack.

“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” the spokesperson said in a statement. “We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.”

Ryan Kalember, a senior vice president at the cybersecurity firm Proofpoint, told ABC News he is aware of other U.S.-based companies who were affected but have not spoken publicly. He said the virus spread rapidly, making it difficult to identify “patient zero” and attribute the cyberattack to a particular hacker group.

Computer networks attacked in 99 countries

The unidentified attackers targeted networks in North America, Europe and Asia, seizing control of computers in dozens of countries by infecting them with malicious software and restricting access until a ransom is paid. Cybersecurity firm Avast said it has detected more than 75,000 so-called ransomware attacks in 99 countries.

"According to our data, the ransomware is mainly being targeted to Russia, Ukraine and Taiwan, but the ransomware has successfully infected major institutions, like hospitals across England and Spanish telecommunications company, Telefonica," Avast said in a statement.

Tyler Wood, a former top official of the U.S. Defense Intelligence Agency who now works for a major telecommunications firm, told ABC News the forensic work to identify the perpetrators may take some time, and it could be a private attacker or a state.

Ransomware attacks are typically carried out by criminal groups, but officials said they cannot rule out anything while investigations remain ongoing.

'Unprecedented' international cyberattack

Europol, the European Union’s law enforcement agency, said the cyberattack has reached "an unprecedented level." The agency said its European Cybercrime Center is working closely with affected countries, cybercrime units and key industry partners to mitigate the treat and assist victims.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," Europol said in a statement Saturday

The U.S. Department of Homeland Security said in a statement Friday that it is "aware of reports of ransomware affecting global entities."

Future cyberattacks could be far worse, expert says

Ori Eisen, founder and CEO of cybersecurity firm Trusona, said the scale and speed by which the virus has spread had never been seen before. But the worst is yet to come, he said.

"This is child's play compared to what's ahead," Eisen told ABC News. "The same virus could hit a nuclear power plant, a water bridge, a metro train and the effect would be devastating."

Eisen said the root cause of this threat is simple: static passwords, which are insecure and easily copied. Cyber crooks are taking advantage of simple passwords and computers that aren't patched. And as long as static passwords are being used, Eisen said, the threat will remain.