The exploit was leaked last month as part of a trove of NSA spy tools.
But attackers are now taking advantage of vulnerable machines to install the WannaCry ransomware.
A huge cyber attack that disrupted Britain's health system and infected many Spanish companies with malicious software may have also affected up to 74 countries.
He said most likely it occurred this time because some of the hospitals and other organizations affected may not have applied a patch that Microsoft released or they are using outdated operating systems no longer supported by the software giant. "Infection of a single computer can end up compromising the entire corporate network", Spain's CCN-CERT said in an alert published Friday. However, NHS Digital claims that the attack was not exclusively targeted towards health services, suggesting that it may have been intended for other organizations too.
Health officials offered no indication of when services might return to normal, or whether patient records could be permanently lost to the attack. The request for $600 in Bitcoin is displayed along with the wallet. "Most folks that have paid up appear to have paid the initial $300 in the first few hours".
The Spanish Computer Emergency Readiness Team said the ransomware was a modified version of the WannaCryptor toolkit, one of those released by a group called Shadow Brokers in April.
The Royal Hampshire County Hospital In Winchester, Basingstoke and North Hampshire hospital and the Andover War Memorial Hospital are among them.
Some hospitals such as Colchester General Hospital have not been directly targeted but are protecting their IT systems by completely shutting them down as a precaution.
"We have around 70 computers that have had a unsafe code installed", the mayor of Timra, a town to the north of Stockholm, told the Reuters news agency.
"This shows how quickly criminals are able to adopt newly exposed vulnerabilities and how slow the rest of us are to patch", he continued.
In his words, by the time they turned their attention to U.S. organizations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious.
Pyotr Lidov, a spokesman for Megafon, said Friday's attacks froze computers in company's offices across Russian Federation.
Hospital staff are rushed off their feet as they have to take blood tests by hand to other departments from A&E, and they can't access medical records or check information.
"We have activated our major incident plan to make sure we can maintain the safety and welfare of patients", the spokesman said. Routine appointments had been cancelled and ambulances were being diverted to neighbouring hospitals.
Politico said at least two London hospitals were forced to stop admitting new patients with serious medical conditions due to the attacks.
Ciaran Martin, the body's chief executive, said teams were "working round the clock" with United Kingdom and global partners and with private sector experts to lead the response. "All our staff are working hard to minimise the impact and we will post regular updates on the website".
It has been reported that up to 25 NHS organisations and some GP practices have been affected.
Mrs May said: "This is not targeted at the NHS, it's an worldwide attack and a number of countries and organisations have been affected".
"At this stage we do not have any evidence that patient data has been accessed", the NHS Digital statement said.