A timeline of the WannaCry cyberattack

By Monday, the attack had hit more than 200 organizations in 150 countries.

ByABC News
May 15, 2017, 2:13 PM

— -- The so-called WannaCry cyberattack has affected hundreds of thousands of computers by exploiting vulnerabilities in Microsoft's Windows XP software, creating havoc around the world.

Here's a timeline detailing how the attack spread:

Friday, May 12: Morning

The first appearance of the cyberattack was registered in Europe at what would have been 3:24 a.m. Eastern time, according to a report by The Financial Times.

Telefónica, a Spain-based telecommunications company, was among the first major organizations to report being hit by the attack, and institutions in England's health care sector first reported problems by late morning on Friday, according to the FT.

The malware locked computers and blocked access to patient files in England's public hospitals.

NHS Digital, the body of the Department of Health that uses information and technology to support England's health care system, told ABC News it was working closely with the National Cyber Security Center and other agencies to fix the damage.

"We are continuing to work around the clock to support NHS organizations that have reported any issue due to yesterday's cyberattack," NHS Digital said in a statement Saturday.

Chris Camacho, chief strategy officer at the cybersecurity firm Flashpoint, told ABC News that health care companies were particularly ripe for ransomware attacks like this one because patient records are so critical to care.

“There’s nothing you can do but pay once you’re hit,” Camacho said in an interview. “If you need that data back, you’re going to pay.”

By Friday afternoon, 16 National Health Service (NHS) facilities reported that they were affected by the cyberattack.

Friday, May 12: Afternoon

The attack spread to a large swath of different organizations around the world, including the French car company Renault, the Russian cellphone operator MegaFon and U.S.-based FedEx.

A FedEx spokesperson confirmed to ABC News that it was among the victims of the attack.

“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” the spokesperson said in a statement. “We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.”

The U.S. Department of Homeland Security said in a statement on Friday that it was "aware of reports of ransomware affecting global entities."

A cybersecurity researcher from the security company Proofpoint discovered an unregistered domain buried in the code of the virus, and shared his findings on social media.

A 22-year-old British researcher identified online as "MalwareTech" saw the findings and activated a "kill switch" for the attack, slowing its spread.

"I was actually panicking because because one of my analysts made a mistake and they had said by registering the url we had started the infection," the unnamed researcher told ABC News. "So, I was panicking looking through the code and I realized that actually no, we had stopped it."

Microsoft also issued a statement, calling the circumstances painful.

"Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful," according to the statement. "Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers."

Saturday, May 13

Experts anticipated that an update to the malware could be released, therefore increasing its spread.

"Currently the spreading of the ransomware is slowed down dramatically because a researcher found a logic bug in the malware, not because the companies around the world are having good security practice," Matt Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates, told ABC News on Saturday.

"I'd even say this update probably already happened," he added.

Microsoft rolled out an additional security update for its customers to further protect Windows platforms.

Monday, May 15: Morning

President Trump's homeland security adviser Tom Bossert told "Good Morning America" that the unprecedented global cyberattack sends an "urgent call for collective action" by governments throughout the world.

Bossert said he expected the number of people affected would rise as more workers logged into their work computers today.

The attack had hit more than 200,000 hospitals, corporations, government agencies and other organizations in 150 countries by Monday.

ABC News' Morgan Winsor, Pete Madden, Brian Ross, James Gordon Meek, and Patrick Reevell contributed to this report.

Related Topics