Hackers launched blistering attacks Tuesday against companies and agencies across the world.
Major global firms are reporting they’re under attack, including British advertising agency WPP, Russian oil and gas giant Rosneft and Danish shipping firm Maersk.
“IT systems in several WPP companies have been affected by a suspected cyber attack,” said WPP on its official Twitter account.
Maersk issued a similar statement, saying its IT systems “are down across multiple sites and business units due to a cyber attack.”
The U.S.-based pharmaceutical firm Merck also said it’s been hit.
“We confirm our company’s computer network was compromised today as part of global hack,” it said on Twitter.
The source of the attack is not yet clear, but it is similar to WannaCry, which spread globally in May, but there are differences. Both asked victims to pay Bitcoin to get their files back, and both use a similar flaw to spread through networks.
The Moscow-based cybersecurity firm Group IB estimates that a virus has affected about 80 companies in Russia and Ukraine.
Group IB said the ransomware infects and locks a computer, and then demands a $300 ransom to be paid in Bitcoins.
Many firms, including Symantec, have suggested the ransomware is a variant of Petya, a known ransomware. But according to security firm Kaspersky Lab, preliminary findings indicate the attacks are from a new ransomware which it’s calling “NotPetya.”
Either way, researchers say Tuesday’s attacks use a Windows flaw called EternalBlue to spread through corporate networks. WannaCry also leveraged the EternalBlue exploit, which was leaked as part of a trove of hacking tools believed to belong to the NSA. Microsoft issued a patch for the exploit in March.
Microsoft said it is aware of the reports and is investigating.
The Department of Homeland Security is also monitoring reports of cyberattacks.
Spokesman Scott McConnell said DHS is “coordinating with our international and domestic cyber partners. We stand ready to support any requests for assistance.”
Europol said it is aware and investigating the attack as well.
Ukrainian companies and government agencies seem to have been hit particularly hard.
Ukraine’s central bank is warning financial firms across the country that an unknown virus has hit the sector, creating problems for banks and customer service.
Officials at that country’s postal service and metro system in Kiev were also reporting hacking problems.
Ukraine’s vice prime minister, Pavlo Rozenko, tweeted a screenshot of his malfunctioning computer saying computers at the Cabinet of Ministers have been affected.
The Chernobyl nuclear power plant was also hit by the cyber attack, according to a Ukrainian federal agency. In a statement, it said that “in connection with the cyber attack, the Chernobyl nuclear power plant website is not working.” Its Microsoft Windows systems were temporarily disconnected, and radiation monitoring in the area of the industrial site is being carried out manually, it said.
–CNN’s Marilia Brocchetto, Mary Ilyushina, David Shortell and Victoria Butenko contributed to this report.
