Irish and UK IT systems among those hit by global cyber attack

Spokesman for the Copenhagen-headquartered company, Anders Rosendahl, said, "It has affected all branches of our business, at home and abroad."

A raft of numerous other organisations including big business and government offices in eastern Europe have been hit by the worldwide cyber attack.

The "massive ransomware campaign" has affected organisations ranging from global law firm DLA Piper, to advertising giant WPP and US pharmaceutical company Merck.

The hack has caused widespread disruption, with company and government officials reporting major disruption to the Ukrainian power grid, banks and government offices.

The latest attack comes just weeks after ransomware downed systems across the globe, including the NHS in the UK.

More than 200,000 victims in around 150 countries were infected by the WannaCry or Wanna Decryptor ransomware, which originated in the UK and Spain last month, before spreading globally.

The current ransomware, the name given to programmes that hold data hostage by scrambling it until a payment is made, is known as GoldenEye or Petya, according to Bogdan Botezatu, a senior e-threat analyst at Bitdefender.

Victims of the malware can be asked to pay a 300 dollar ransom after their hard drive is encrypted, crashing their computer.

Mr Botezatu said on Tuesday evening that malware operators received 13 payments totalling 3,500 US dollars in digital currency in almost two hours.

He said: "Bitdefender has identified a massive ransomware campaign that is currently unfolding worldwide.

"Preliminary information shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family."

The National Cyber Security Centre, which is part of intelligence agency GCHQ, said there was a "global ransomware incident".

A spokesman said: "We are aware of a global ransomware incident and are monitoring the situation closely.

"The NCSC website provides advice to the public and business on how to protect your digital systems."

WPP, the world's biggest advertising business, confirmed it had been hit, while DLA Piper has taken its email system down as a preventative measure.

Russia's Rosneft energy company also reported falling victim, as did shipping company AP Moller-Maersk, which said every branch of its business was affected.

Ukrainian deputy prime minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government's headquarters has been shut down.

In reference to the attack, the State Agency of Ukraine on Exclusion Zone Management said Chernobyl's radiation monitoring system has been switched to manual and is operating normally.

Experts have raised questions around the suspected exploit, named EternalBlue, which is thought to be being used to spread the ransomware from one computer to another.

The same exploit is said to have been used in the WannaCry attack.

Marco Cova, senior security researcher at anti-malware company Lastline said: "The Petya attack looks very similar in its dynamics and techniques to the WannaCry ransomware that caused large disruption just a few weeks ago.

"In particular, like WannaCry, it seems to rely on the EternalBlue exploit to automatically spread from one machine to another.

"It's still early in the infection lifecycle, but obviously, if it is confirmed that the EternalBlue is the only spreading mechanism, there will be inevitable questions about how organisations could still fall to this attack after all the publicity and support tools (patches, scanning tools, etc.) that were produced as part of the WannaCry response.

A supermarket in Ukraine.
The country is under cyberattack.
via @golub pic.twitter.com/jETUuCPcqn

— вареничок.eristavi 🇺🇦🏳️‍🌈 (@maksymeristavi) June 27, 2017

Update 6:53pm: Advertising giant WPP said the firm had been hit by a "suspected cyber attack" amid reports hackers had caused widespread disruption to companies across the globe.

The world's biggest advertising business said a number of its companies had been affected and it was currently "assessing the situation".

While the FTSE 100 firm gave no more detail about how the business had been impacted, its website appeared to be down as it made the announcement.

In a statement, WPP said: "IT systems in several WPP companies have been affected by a suspected cyber attack.

"We are assessing the situation, taking appropriate measures and will update as soon as possible."

It came as company and government officials reported major disruption to the Ukrainian power grid, banks and government offices.

Russia's Rosneft energy company also reported falling victim to hacking, as did shipping company AP Moller-Maersk, which said every branch of its business was affected.

IT systems in several WPP companies have been affected by a suspected cyber attack. We are taking appropriate measures & will update asap.

— WPP (@WPP) June 27, 2017

Ukrainian deputy prime minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government's headquarters has been shut down.

There is very little information about who might be behind the Eastern European disruption, but technology experts who examined screenshots circulating on social media said it bears the hallmarks of ransomware, the name given to programmes that hold data hostage by scrambling it until a payment is made.

The National Cyber Security Centre, which is part of intelligence agency GCHQ, said there was a "global ransomware incident".

A spokesman said: "We are aware of a global ransomware incident and are monitoring the situation closely.

"The NCSC website provides advice to the public and business on how to protect your digital systems."

In a statement on the company's website, Maersk said: "We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack.

"We continue to assess the situation. The safety of our employees, our operations and customers' business is our top priority. We will update when we have more information."

Global law firm DLA Piper, which has offices in London and other parts of the UK, confirmed it had been affected.

Russia's @Vedomosti has posted pic sent by worker at oil company Bashneft of the lock-out screen seemingly caused by the huge cyber-attack. pic.twitter.com/gF3atpgDCt

— Patrick Reevell (@Reevellp) June 27, 2017

A spokeswoman said: "The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware.

"We are taking steps to remedy the issue as quickly as possible."

It is understood the company has taken its email system down as a preventative measure.

US pharmaceutical company Merck said: "We confirm our company's computer network was compromised today as part of global hack. Other organisations have also been affected.

"We are investigating the matter and will provide additional information as we learn more."

The attack is described as a "massive ransomware campaign that is currently unfolding

worldwide", according to Bogdan Botezatu, a senior e-threat analyst at Bitdefender.

He said samples are similar to the GoldenEye ransomware family, which has been circulating in recent months.

Mr Botezatu said victims of GoldenEye malware can be asked to pay a 300 dollar ransom after their hard drive is encrypted by GoldenEye, crashing their computer.

The latest attack comes just weeks after a ransomware attack downed systems across the globe, including the NHS in the UK.

More than 200,000 victims in around 150 countries were infected by the WannaCry or Wanna Decryptor ransomware, which originated in the UK and Spain in May before spreading globally.

Earlier: A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard.

Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices, where one senior official posted a photo of a darkened computer screen and the words "the whole network is down".

Ukraine's prime minister said the cyberattack is "unprecedented" but "vital systems haven't been affected".

Volodymyr Groysman also said on Facebook that "our IT experts are doing their job and protecting critical infrastructure... The attack will be repelled and the perpetrators will be tracked down."

Russia's Rosneft oil company also reported falling victim to hacking, as did Danish shipping giant AP Moller-Maersk.

"We are talking about a cyberattack," said Anders Rosendahl, a spokesman for the Copenhagen-based group.

"It has affected all branches of our business, at home and abroad."

The number of companies and agencies reportedly affected by the ransomware campaign was piling up fast, and the electronic rampage appeared to be rapidly snowballing into a real-world world crisis.

Dutch daily Algemeen Dagblaad said container ship terminals in Rotterdam run by a unit of Maersk were also affected.

Rosneft said that the company narrowly avoided major damage.

"The hacking attack could have led to serious consequences but neither the oil production nor the processing has been affected thanks to the fact that the company has switched to a reserve control system," the company said.

There is very little information about who might be behind the disruption at each specific company, but cybersecurity experts rapidly zeroed in on a form of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.

"A massive ransomware campaign is currently unfolding worldwide," said Romanian cybersecurity company Bitdefender.

It said the malicious program appeared to be nearly identical to GoldenEye, one of a family of rogue programs that has been circulating for months.

It is not clear why the ransomware has suddenly become so much more potent.

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the US National Security Agency and recently leaked to the web.