Marco Cova, senior security researcher at Lastline, said the attack looks “very similar in its dynamics and techniques” to the WannaCry ransomware that caused disruption last month.
For the moment, Ukraine has been the country most affected by the attack, which targeted the Kiev metro, the state-run Ukrenergo electricity company, the Ukrtelecom telephone company and several cell phone operators, among many other firms.
Government agencies across Ukraine reported being hit, including the public transportation system in Kiev, the state telecom company and the country’s central bank.
Ukraine Prime Minister Volodymyr Groysman posted on his Facebook page that the attack was “unprecedented”, and said the country’s cyberwarfare specialists were working to counter the attack.
“We are talking about a cyberattack”, said Anders Rosendahl, a spokesman for the Copenhagen-based group.
Food company Mondelez International also said its staff in different regions were experiencing technical problems.
India’s cyber security agency has yet to receive any reports of the latest ransomware attack hitting computers there, its boss told Reuters on Tuesday, after a Swiss government agency identified India as one of the main victims.
The attack was confirmed to have spread beyond Europe when US drugmaker Merck, based in New Jersey, said its systems had also been compromised, AP reported. “Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported but a new ransomware that has not been seen before”, the group said.
And law firm DLA Piper said it had taken down its systems in response to “a serious global cyber incident”. “The safety of our operations are top of our priorities”, Concepcion Boo Arias, spokeswoman of Maersk Line, told AFP.
According to Motherboard, “a wide range of private businesses” were affected on Tuesday, though it’s unclear whether all the attacks are related.
Veteran security expert Chris Wysopal from Veracode said the malware seemed to be spreading via some of the same Windows code loopholes exploited by WannaCry.
Australian workers at Hobart’s Cadbury factory have been warned by its Spanish parent company Mondelez after its worldwide network experienced a “global IT outage”. Eastern time, Ukraine has reported ransom demands targeting the government and key infrastructure, and the Danish Maersk conglomerate said many of its systems were down.
The recent attacks appear to evade popular anti-virus software.
“The company is now experiencing a hostile ransomware attack on its network systems”, said an internal Merck memo quoted by the Philadelphia Inquirer.
CNET reports the malware encrypts crucial computer files and holds them hostage, demanding $300 in bitcoin to regain access.