Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack. The virus, the source of which is not yet known, freezes the user's computer until an untraceable ransom is paid in the digital Bitcoin currency. Ukrainian firms, including the state power company and Kiev's main airport, were among the first to report issues. The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.
In a statement, the US National Security Council said government agencies were investigating the attack and that the US was "determined to hold those responsible accountable". The US Department of Homeland Security advised victims not to pay the ransom, saying there was no guarantee that access to files would be restored.
The Russian anti-virus firm Kaspersky Lab said its analysis showed that there had been about 2,000 attacks - most in Ukraine, Russia and Poland.
Experts suggest the malware is taking advantage of the same weaknesses used by the WannaCry attack last month.
"It initially appeared to be a variant of a piece of ransomware that emerged last year," said computer scientist Prof Alan Woodward.
"The ransomware was called Petya and the updated version Petrwrap.
"However, now that's not so clear."
A South Korean hosting firm just paid $1m to get their data back and that's a huge incentive," he said. "It's the biggest incentive you could offer to a cyber-criminal."
A bitcoin wallet associated with the outbreak has received several payments since the outbreak began. The wallet currently holds just over 3.5 bitcoins (£6,775; $8,670). An email address associated with the blackmail attempt has been blocked by German independent email provider Posteo. It means that the blackmailers have not been able to access the mailbox.
Problems have also affected:
- the Ukrainian central bank, the aircraft manufacturer Antonov, and two postal services
- Russia's biggest oil producer, Rosneft
- Danish shipping company Maersk, including its container shipping, oil, gas and drilling operations. A port in Mumbai is among those that has halted operations a Pennsylvania hospital operator, Heritage Valley Health System, which reported its computer network was down, causing operations to be delayed - but it is not yet clear if it was subject to the same type of attack
- Spanish food giant Mondelez - whose brands include Oreo and Toblerone - according to the country's media. A Cadbury factory in Tasmania, Australia is affected
- Netherlands-based shipping company TNT, which said some of its systems needed "remediation"
- French construction materials company St Gobain
- US pharmaceuticals-maker Merck
- The local offices of the law firm DLA Piper - a sign in the firm's Washington DC office said: "Please remove all laptops from docking stations and keep turned off - no exceptions."