The U.K. and Spain among dozens of countries hit by ransomware attack.

A massive cyberattack swept the globe, freezing computer systems and causing major disruptions, computer-security experts said Friday. Among the victims: more than a dozen hospitals and health facilities in England, along with companies in Spain. The malware believed to be behind the attacks encrypts data on infected computers and essentially holds it for ransom. Known as WannaCry or Wanna Decryptor, the program targets vulnerabilities in Microsoft Windows systems. A Microsoft spokeswoman said Friday the company is “aware of the reports” and “is looking into the situation.”

The attack appears to exploit a vulnerability in Windows that Microsoft patched on March 14. Several cybersecurity specialists said the vulnerability was the same as one targeted in code released in April by a hacking group calling itself “Shadow Brokers,” which claimed to have stolen the attack code from the U.S. National Security Agency. The NSA has declined to comment on the authenticity of the Shadow Brokers documents. Russian antivirus vendor Kaspersky Lab ZAO said the ransomware has appeared in 74 countries but that Russia had been the hardest hit. Antivirus vendor Avast Software s.r.o. said the malware was hitting computers in the U.S., Russia, Ukraine and Taiwan. The Prague-based firm said it had detected more than 57,000 samples of the malware on Friday. The spread of WannaCry represents “one of the highest peaks for a single ransomware strain,” that Avast has recorded this year, said Jakub Kroustek, the leader of Avast’s virus team. Britain’s National Health Service said 16 hospitals and clinics reported they had been affected by the cyberattack, which forced them to cancel appointments and divert ambulances. The NHS said it thought Wanna Decryptor was behind the attack and indicated that there was so far no evidence patient data had been accessed. The British government’s National Cyber Security Center said in a message on its Twitter account that it was working with the NHS and the National Crime Agency to investigate.

In Spain, the attack caused widespread disruption among companies whose computer systems were infected, said Luis Corrons, technical director at Spanish antivirus vendor Panda Security S.L. Some firms disconnected themselves from the internet on Friday until they could apply the appropriate software patches, he said.

Ransomware attacks, though seemingly sophisticated, typically start off simply: A hacker tricks someone into opening a seemingly legitimate or innocuous file that contains malicious software. The ruse is known as phishing. “The majority of ransomware is from phishing attacks, whether that’s a receptionist or a doctor on a smartphone,” said Emily Orton, founder of British cybersecurity company Darktrace. Typically users must click on a malicious attachment to install ransomware, but this software comes with a nasty twist because it is also a worm, Panda Security’s Mr. Corrons said. “If one computer is infected, not only is it going to encrypt all the files to which it has access. It is also going to infect each and every computer on the network that hasn’t patched this vulnerability,” he said. The U.K. attack comes weeks before a general election, set for June 8. Jonathan Ashworth, lawmaker for the Labour Party, said the incident underscored the need for the U.K. government to focus efforts on cybersecurity. “The safety of the public must be the priority and the NHS should be given every resource to bring the situation under control as soon as possible,” Mr. Ashworth said.

More From The Wall Street Journal (subscription required):