A major global cyber attack disrupted computers at Russia's biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that last month infected more than 300,000 computers. 

The rapidly spreading cyber extortion campaign underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers.

Hackers have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.

The virus included code known as "Eternal Blue," which cybersecurity experts widely believe was stolen from the US National Security Agency and was also used in last month's ransomware attack, named "WannaCry."

The ransomware virus crippled computers running Microsoft Corp's Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access.

More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.

Microsoft said the virus could spread through a flaw that was patched in a security update in March.

Russia and Ukraine were most affected, with other victims spread across countries including Ireland, Britain, France, Germany, Italy, Poland and the United States.

The attack is affecting companies across the world, including in Ireland.

Shipping group Maersk said earlier its computer systems in the UK and Ireland are down.

Russia's biggest oil company, Ukraine's international airport, WPP, the world’s biggest advertising firm, food company Mondelēz, and pharmaceutical giant Merck are also affected.

Cyber security experts say this may be a coordinated ransomware attack similar to one that targeted computer systems in May.

Ireland’s National Cyber Security Centre has said it has been monitoring the situation as it has unfolded this afternoon, and issued an advisory at 3.30pm to Government departments and agencies.

The centre said it "has been in discussions with industry and with infrastructure providers around the details of this malware, and the general characteristics are relatively clear at this point.

"At present, there have been no reports of systems based in Ireland affected by this malware, but the centre will continue to monitor developments through the evening.

The advice to users remains the same - don't click on any links or documents if you are not certain of the source, and ensure that your systems are patched and up to date.

Pharmaceutical company MSD confirmed that computer systems at its Irish operation were "compromised" today by a suspected cyber attack.

In a statement the company said: "We can confirm that the Merck/MSD computer network was compromised today as part of a global hack. Other organisations have also been affected. We are investigating the matter and will provide additional information as we learn more."

The radiation monitoring system at Ukraine's Chernobyl nuclear site was taken offline after the cyber attack, forcing employees to use hand-held counters to measure levels, officials said.

"Due to the cyber attack, the website of the Chernobyl nuclear plant is not working," a spokesperson for Ukraine's exclusion zone agency said.

The body oversees the Soviet plant, which exploded in 1986 and is now surrounded by an uninhabited contaminated zone.

"Due to the temporary shutdown of the Windows system, the radiation monitoring of the industrial area is being done manually," the agency said on its website.

Security experts said they expected the impact to be smaller than WannaCry since many computers had been patched with Windows updates in the wake of WannaCry last month to protect them against attacks using Eternal Blue code.

Researchers said the attack may have borrowed malware code used in earlier ransomware campaigns known as "Petya" and "GoldenEye."

The US Department of Homeland Security said it was monitoring the attacks and coordinating with other countries.

It advised victims not to pay the extortion, saying that doing so does not guarantee access will be restored.

The NSA did not respond to a request for comment.

The agency has not publicly said whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.

The first attacks were reported from Russia and Ukraine.

Russia's Rosneft, one of the world's biggest crude producers by volume, said its systems had suffered "serious consequences," but added oil production had not been affected because it switched over to backup systems.

Ukrainian Deputy Prime Minister Pavlo Rozenko said the government's computer network went down and the central bank reported disruption to operations at banks and firms including the state power distributor.

WPP, the world's largest advertising agency, said it was also infected. A WPP employee said that workers were told to shut down their computers: "The building has come to a standstill."

Security experts said they did not believe that the ransomware released today had a kill switch, meaning that it might be harder to stop.

Cyber intelligence firm Flashpoint said it believed the outbreak began in Ukraine, where attackers loaded the ransomware onto computers when they requested updates of a widely used accounting software program.

An adviser to Ukraine's interior minister said earlier in the day that the virus got into computer systems via "phishing" emails written in Russian and Ukrainian designed to lure employees into opening them.

According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

Those hit by cyber attacks include:


Russia's top oil producer Rosneft said its servers had been hit by a large-scale cyber attack but its oil production was unaffected.


Danish shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said a cyber attack had caused outages at its computer systems across the world.

Maersk's port operator APM Terminals was also hit. Dutch broadcaster RTV Rijnmond reported that 17 shipping container terminals run by APM Terminals had been hacked, including two in Rotterdam and 15 in other parts of the world.


Britain's WPP, the world's biggest advertising company, said computer systems within several of its agencies had been hit by a suspected cyber attack.


Pharmaceutical company Merck & Co said in a tweet its computer network was compromised as part of a global hack.


Russia's central bank said there had been "computer attacks" on Russian banks and that in isolated cases their IT systems had been infected.

All Russian branches of Home Credit consumer lender are closed because of a cyber attack, an employee of a Home Credit call centre in Russia said.


A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack that disrupted some operations, the Ukrainian central bank said.


Yevhen Dykhne, director of the capital's Boryspil Airport, said it had been hit. "In connection with the irregular situation, some flight delays are possible," Dykhne said in a post on Facebook.


French construction materials company Saint Gobain said it had been a victim of a cyber attack, and it had isolated its computer systems to protect data.


German postal and logistics company Deutsche Post said systems of its Express division in the Ukraine have in part been affected by a cyber attack.


Germany's Metro said its wholesale stores in the Ukraine had been hit by a cyber attack and the retailer was assessing the impact.


Food company Mondelez International said employees in different regions were experiencing technical problems but it was unclear whether this was due to a cyber attack.


The Netherlands-based shipping company said it was experiencing interference with some of its systems, following a global ransomware attack.


Russian steelmaker Evraz said its information systems had been hit by a cyber attack but its output was not affected.


A ransomware cyber attack is taking place in Norway and is affecting an unnamed international company, the Nordic country's national security authority said.


A unit of Mars Inc has been targeted by cyber attackers, and the company has isolated the issue, a spokeswoman for the company said.


India-based employees at Beiersdorf AG, the maker of Nivea skincare products, told Reuters the ransomware attack had impacted some of the company's systems in the country. The extent of the impact was unclear and Beiersdorf, which is based in Germany, could not be reached immediately for comment in India.


The Indian unit of British consumer goods company Reckitt Benckiser Group Plc, which owns brands such as Enfamil, Dettol and Lysol, was also hit by the ransomware attack, employees in India told Reuters.

The extent of the impact on its systems was not immediately clear and the company could not be reached for comment in India.