Here are all the companies and government agencies affected by the cyberattack sweeping the globe

• Rebecca Harrington
 
•   

• 1h
• 3

FILE PHOTO: Man types on a computer keyboard in front of the displayed cyber code in this illustration pictureThomson Reuters

A massive cyberattack swept the globe on Tuesday, hitting Ukraine particularly hard and causing chaos across much of Europe.

Companies and government agencies in Ukraine, Russian, UK, France, and Norway have reported ransomware demanding payment before unlocking their files.

It's unclear at the moment who's behind the attack, which harkens back to the WannaCry virus that affected 150 countries in May, or whether all of the reported issues are related.

The cyberattack continues to spread as more entities report being hit, but here's where we know it's struck so far:

View As: One Page Slides

UKRAINE: Banks, airports, government offices, power grid

An employee sits next to a payment terminal out of order at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017.REUTERS/Valentyn Ogirenko

Ukraine has been the hardest hit by the attack, which came one day before the country's Constitution Day. Company and government officials reported major disruption to the Ukrainian power grid, banks, government offices, and airports.

The radiation monitoring system in Chernobyl, the site of a nuclear disaster in 1986, was also affected, AFP reported. "Due to the temporary shutdown of the Windows system, the radiation monitoring of the industrial area is being done manually," the agency said on its website.

Anton Gerashchenko, an adviser to Ukraine's interior minister, wrote in a Facebook postthat the attack was "the largest in the history of Ukraine."

RUSSIA: Banks, oil company, steelmaker

Russia's President Vladimir Putin visits a Rosneft refinery in the Black Sea town of Tuapse in southern Russia on October 11, 2013.Alexei Nikolskyi/RIA Novosti/Kremlin/Reuters

Russia's state-run Rosneft energy company also reported falling victim to hacking, but said oil production wasn't affected. The Russian steelmaker Evraz also said its information systems were under cyberattack, but its output wasn't impacted either.

The central bank of Russia said "computer attacks" had infected some IT systems of Russian banks. Reuters reported that all Russian branches of the Home Credit consumer lender are closed because of an attack, citing an employee of the lender's call center.

FRANCE: Saint Gobain

Thomson Reuters

Saint Gobain, a French construction materials company, said it was also the victim of an attack, and a spokesman told Reuters that they were isolating computer systems in order to protect data.

UK: WPP

WPP founder and CEO Martin Sorrell speaks at the British chambers of Commerce annual conference in London.Thomson Reuters

Britain's WPP, the world's largest advertising company, was also affected, the BBC reported.

NORWAY

Projection of cyber code on hooded man is pictured in this illustration pictureThomson Reuters

Reuters reported that Norway's national security authority said a ransomware attack was taking place at one of the country's company, but didn't name which one.

GERMANY: Deutsche Post, Metro

View image on Twitter

 Follow

Mikhail Golub @golub

Супермаркет в Харькове

7:28 AM - 27 Jun 2017

 
•  374374 Retweets
 
•  268268 likes

Twitter Ads info and privacy

German postal and logistics company Deutsche Post and wholesale retailer Metro both said their locations in Ukraine were part of the attack, and that they were assessing the impact.

Mondelēz International

Logo of Mondelez International is pictured at the company's building in Zurich.Thomson Reuters

The global food company Mondelez International said its employees were experiencing technical "difficulties in various geographies," but weren't sure if they too were the victim of a cyberattack.

"The Mondelēz International network is experiencing a global IT outage," the company said in a statement. "Our global special situations management team is in place, and they are working to resolve the situation as quickly as possible."

DENMARK: Maersk

The MV Maersk Mc-Kinney Moller, the world's biggest container ship, arrives at the harbour of Rotterdam August 16, 2013. Reuters

The massive Danish shipping company A.P. Moller-Maersk, which is responsible for one out of seven containers shipped around the world, said every branch of its business was affected.

"We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack. We continue to assess the situation," the company wrote on its website. "The safety of our employees, our operations and customer's business is our top priority. We will update when we have more information."

UNITED STATES: Merck

Pharmaceutical giant Merck was hit, too.

 Follow

Merck 

✔@Merck

We confirm our company's computer network was compromised today as part of global hack. Other organizations have also been affected (1 of 2)

8:03 AM - 27 Jun 2017

 
•  362362 Retweets
 
•  162162 likes

Twitter Ads info and privacy

 Follow

Merck 

✔@Merck

We are investigating the matter and will provide additional information as we learn more. (2 of 2)

8:03 AM - 27 Jun 2017

 
•  8686 Retweets
 
•  5151 likes

Twitter Ads info and privacy

SEE ALSO: Hackers strike across Europe, sparking widespread disruption

CYBER RISK | Tue Jun 27, 2017 | 1:39pm EDT

Ransomware virus hits computer servers across the globe

By Jack Stubbs and Pavel Polityuk | MOSCOW/KIEV

A ransomware attack hit computers across the world on Tuesday, taking out servers at Russia's biggest oil company, disrupting operations at Ukrainian banks, and shutting down computers at multinational shipping and advertising firms.

Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a kill-switch.

"It's like WannaCry all over again," said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.

He said he expected the outbreak to spread in the Americas as workers turned on vulnerable machines, allowing the virus to attack. "This could hit the U.S.A. pretty bad," he said.

The U.S. Department of Homeland Security said it was monitoring reports of cyber attacks around the world and coordinating with other countries.

The first reports of organizations being hit emerged from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain.

Within hours, the attack had gone global.

Danish shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said the attack had caused outages at its computer systems across the world on Tuesday, including at its terminal in Los Angeles.

Pharmaceutical company Merck & Co said its computer network had been affected by the global hack.

A Swiss government agency also reported computer systems were affected in India, though the country's cyber security agency said it had yet to receive any reports of attacks.

"DON'T WASTE YOUR TIME"

After the Wannacry attack, organizations around the globe were advised to beef up IT security.

left

right

10/10

left

right

A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko

1/10

left

right

2/10

left

right

3/10

left

right

4/10

left

right

5/10

left

right

6/10

left

right

7/10

left

right

8/10

left

right

9/10

left

right

10/10

left

right

1/10

"Unfortunately, businesses are still not ready and currently more than 80 companies are affected," said Nikolay Grebennikov, vice president for R&D at data protection firm Acronis.

One of the victims of Tuesday's cyber attack, a Ukrainian media company, said its computers were blocked and it had a demand for $300 worth of the Bitcoin crypto-currency to restore access to its files.

"If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service," the message said, according to a screenshot posted by Ukraine's Channel 24.

The same message appeared on computers at Maersk offices in Rotterdam and at businesses affected in Norway.

Other companies that said they had been hit by a cyber attack included Russian oil producer Rosneft, French construction materials firm Saint Gobain and the world's biggest advertising agency, WPP - though it was not clear if their problems were caused by the same virus.

"The building has come to a standstill. It's fine, we've just had to switch everything off," said one WPP employee who asked not to be named.

WANNACRY AGAIN

Cyber security firms scrambled to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of hacking tool exploited by WannaCry, and to identify ways to stop the onslaught.

Experts said the latest ransomware attacks unfolding worldwide, dubbed GoldenEye, were a variant of an existing ransomware family called Petya.

It uses two layers of encryption which have frustrated efforts by researchers to break the code, according to Romanian security firm Bitdefender.

"There is no workaround to help victims retrieve the decryption keys from the computer," the company said.

Russian security software maker Kaspersky Lab, however, said its preliminary findings suggested the virus was not a variant of Petya but a new ransomware not seen before.

RELATED COVERAGE

• TNT Express facing interference with some of its systems
• Russian central bank says aware of 'computer attacks' on Russian banks
• Indian cyber security agency says no reports of ransomware attack on country
• Cyber attacks affect some radiation checks at Ukraine's Chernobyl site
• Germany's BSI says Petya malware used in cyber attacks
• FACT BOX Companies hit by global ransomware attack on June 27

Last's month's fast-spreading WannaCry ransomware attack was crippled after a 22-year-old British security researcher Marcus Hutchins created a so-called kill-switch that experts hailed as the decisive step in slowing the attack.

Any organization that heeded strongly worded warnings in recent months from Microsoft Corp to urgently install a security patch and take other steps appeared to be protected against the latest attacks.

Ukraine was particularly badly hit, with Prime Minister Volodymyr Groysman describing the attacks on his country as "unprecedented".

An advisor to Ukraine's interior minister said the virus got into computer systems via "phishing" emails written in Russian and Ukrainian designed to lure employees into opening them.

According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

Yevhen Dykhne, director of the Ukrainian capital's Boryspil Airport, said it had been hit. "In connection with the irregular situation, some flight delays are possible," Dykhne said in a post on Facebook. A Reuters reporter who visited the airport late on Tuesday said flights were operating as normal.

Ukrainian Deputy Prime Minister Pavlo Rozenko said the government's computer network had gone down and the central bank said a operation at a number of banks and companies, including the state power distributor, had been disrupted by the attack.

"As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement.

Russia's Rosneft, one of the world's biggest crude producers by volume, said its systems had suffered "serious consequences" from the attack. It said it avoided any impact on oil production by switching to backup systems.

The Russian central bank said there were isolated cases of lenders' IT systems being infected by the cyber attack. One consumer lender, Home Credit, had to suspend client operations.

(Additional reporting by European bureaux and Jim Finkle in Toronto; writing by Christian Lowe; editing by David Clarke)

 Our Standards: The Thomson Reuters Trust Principles

NEXT IN CYBER RISK 

Maersk says global IT breakdown caused by cyber attack

COPENHAGEN Shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said a cyber attack had caused outages at its computer systems across the world on Tuesday.

Mondelez says has tech problems, unclear if from cyberattack

ZURICH Food group Mondelez International said employees in different regions were experiencing technical problems but it was unclear whether this was due to a cyberattack.