Hackers launched blistering attacks Tuesday against companies and agencies across the world.
Major global firms reported that they were under attack, including British advertising agency WPP, Russian oil and gas giant Rosneft and Danish shipping firm Maersk.
“IT systems in several WPP companies have been affected by a suspected cyber attack,” said WPP on its official Twitter account.
Maersk issued a similar statement, saying its IT systems “are down across multiple sites and business units due to a cyberattack.”
The U.S.-based pharmaceutical firm Merck also said it’s been hit.
“We confirm our company’s computer network was compromised today as part of global hack,” it said on Twitter.
The source of the attack is not yet clear. It is similar to WannaCry, which spread globally in May, but there are differences. Both asked victims to pay Bitcoin to get their files back, and both use a similar flaw to spread through networks.
The Moscow-based cybersecurity firm Group IB estimated that the virus affected about 80 companies in Russia and Ukraine.
Group IB said the ransomware infects and locks a computer, and then demands a $300 ransom to be paid in Bitcoins.
Many firms, including Symantec, have suggested the ransomware is a variant of Petya, a known ransomware. But according to security firm Kaspersky Lab, preliminary findings indicate the attacks are from a new ransomware which it’s calling “NotPetya.”
Either way, researchers say Tuesday’s attacks use a Windows flaw called EternalBlue to spread through corporate networks. WannaCry also leveraged the EternalBlue exploit, which was leaked as part of a trove of hacking tools believed to belong to the NSA. Microsoft issued a patch for the exploit in March.
Microsoft said it is investigating the matter.
The Department of Homeland Security is also monitoring the cyberattacks.
Spokesman Scott McConnell said DHS is “coordinating with our international and domestic cyber partners. We stand ready to support any requests for assistance.”
Europol said it is investigating the attack as well.
Ukrainian companies and government agencies seem to have been hit particularly hard.
Ukraine’s central bank warned financial firms across the country that an unknown virus hit the sector, creating problems for banks and customer service.
Officials at that country’s postal service and metro system in Kiev also reported hacking problems.
Ukraine’s vice prime minister, Pavlo Rozenko, tweeted a screenshot of his malfunctioning computer saying computers at the Cabinet of Ministers have been affected.
The Chernobyl nuclear power plant was also hit by the cyber attack, according to a Ukrainian federal agency. In a statement, it said that “in connection with the cyber attack, the Chernobyl nuclear power plant website is not working.” Its Microsoft Windows systems were temporarily disconnected, and radiation monitoring in the area of the industrial site is being carried out manually, it said.
Ransomware victims are always advised not to pay the ransom to get their files back, and in this case, it would be futile. That’s because victims need to notify the attackers that they’ve paid the Bitcoin, but Posteo, the company that hosts the attacker’s email has disabled the service.