"Sophos is responding to a new variant of the Petya ransomware family that has affected organisations across Europe". The spy agency has not publicly said whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.
In a post on its Facebook page, the company denied any accidental involvement with the attack, but Microsoft, security firm Talos, and Ukraine's own national cyber security department pinned the blame on the software.
"Due to the cyberattack, the website of the Chernobyl nuclear plant is not working", said Ukraine's exclusion zone agency, which oversees the Soviet plant that exploded in 1986 and is now surrounded by an uninhabited contaminated zone.
For the moment, Ukraine has been the country most affected by the attack, which targeted the Kiev metro, the state-run Ukrenergo electricity company, the Ukrtelecom telephone company and several cell phone operators, among many other firms.
The "Petya" ransomware has caused disruption at firms across the USA and Europe including advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. He said it bore resemblances to the previous "WannaCry" hack, but also showed indications of a "more sophisticated attack capability meant to exploit a range of vulnerabilities".
Danish shipping giant AP Moller-Maersk said it was among the victims, reporting outages at facilities including its Los Angeles terminal.
Tehan advised that the affected computers should be isolated from the network to prevent the software from spreading. At India's largest container port, one of the terminals was idled by the malicious software, which goes by a variety of names including ExPetr.
SingCert described Petya as "more risky and intrusive" than WannaCry; Petya encrypts the entire hard drive rather than each file individually.
Important: Posteo, the email provider for the email address you're supposed to contact in order to get your decryption key, has already disabled the account.
That hunch was buttressed by the way the malware appears to have been seeded using a rogue update to a piece of Ukrainian accounting software, suggesting an attacker focused on Ukrainian targets. Logistics firm FedEx says deliveries by its TNT Express subsidiary have been "slowed" by the cyberattack, which had "significantly affected" its systems.