The U.S.-based pharmaceutical firm Merck (MRK) also said it was hit.
“We confirm our firm’s computer network was compromised today as the victim of the global hack,” Merck said on Twitter.
Mondelez (MDLZ), the corporation that owns Oreos, Cadbury, and many other global snack brands, reported a network outage across its global operations. And law firm DLA Piper said it had taken down its systems in response to “a serious global cyber incident.”
The origin of the attack is not yet clear. It resembles WannaCry, which spread globally in May, but there are differences. Both demanded that victims pay in Bitcoin to get their files back, and both use a related flaw to spread through networks.
The Moscow-based cybersecurity firm Group-IB estimated Tuesday that the virus hit about 80 companies in Russia and Ukraine.
Group-IB said the ransomware infects and locks a computer, then demands a $300 ransom to be paid in Bitcoin.
Many firms, including Symantec, have suggested the ransomware is a variant of Petya, a known ransomware. But according to security firm Kaspersky Lab, preliminary findings indicate the attacks are from a new ransomware that it is now calling “ExPetr.”
Either way, researchers said Tuesday’s attacks use a Windows exploit called EternalBlue to spread within corporate networks. WannaCry also used the EternalBlue exploit, which was leaked as part of a trove of hacking tools believed to belong to the NSA. Microsoft (MSFT, Tech30) announced patches for the exploits in March.
Microsoft said it determined that the ransomware is using multiple techniques to spread, including one that was addressed in the security patch released in March. It is continuing to investigate.
The U.S. Department of Homeland Security is also monitoring the cyber attacks.
Spokesman Scott McConnell said DHS is “coordinating with our foreign and domestic cyber partners. We stand ready to support any requests for assistance.”
Europol said it is investigating the attack as well.