It's not the first time hackers have used the leaked NSA tools to infect computers. Soon after the leak, hackers infected thousands of vulnerable machines with a backdoor called DOUBLEPULSAR.
UK hospitals, Telefonica, FedEx, and other businesses were hit by a massive ransomware attack on Friday.
Cybersecurity firm Avast said it had identified more than 75,000 ransomware attacks in 99 countries, making it one of the broadest and most damaging cyberattacks in history.
Europol said Saturday that the attack was of an "unprecedented level and requires international investigation."
The ransomware, called "WannaCry," locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them.
The ransomware is spread by taking advantage of a Windows vulnerability that Microsoft (MSFT, Tech30) released a security patch for in March.
Affected machines have six hours to pay up and every few hours the ransom goes up.
Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible. The NHS said in a statement on Saturday that there was no evidence that patient information had been compromised.
In China, the internet security company Qihoo360 issued a "red alert" saying that a large number of colleges and students in the country had been affected by the ransomware, which is also referred to as "WannaCrypt." State media reported that digital payment systems at PetroChina gas stations were offline, forcing customers to pay cash.
"Global internet security has reached a moment of emergency," Qihoo360 warned.
Spanish telecom company Telefónica (TEF) was also hit with the ransomware. Spanish authorities confirmed the ransomware is spreading through the vulnerability, called "EternalBlue," and advised people to patch.
Fedex said it was "experiencing interference with some of our Windows-based systems caused by malware" and was trying to fix the problems as quickly as possible.
Russia's Interior Ministry released a statement acknowledging a ransomware attack on its computers, adding that less than 1% of computers were affected, and that the virus is now "localized." The statement said antivirus systems are working to destroy it.
The U.S. Department of Homeland Security, in a statement late Friday, encouraged people to update their operating systems. "We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally," the department said.
Kaspersky Lab says although the WannaCry ransomware can infect computers even without the vulnerability, EternalBlue is "the most significant factor" in the global outbreak.
There are now signs that the ransomware attack has subsided thanks to a kill switch, discovered by a 22-year-old in the UK. Some experts believe the attackers behind the ransomware have only raised around $20,000 from the scam. Either way, this is yet another painful security lesson for everyone involved. Exploits should be disclosed by government agencies, systems should be patched in a timely manner, and nobody should be running an old supported version of Windows.