'Petya' cyber attack spreads to US pharma giant Merck after ransomware infects Ukrainian national bank

Emily Shugerman
Updated

One of the largest pharmaceutical companies in the world has been hit by a global ransomware attack, the company says.

The so-called "Petya" cyberattack, which started in Ukraine, has spread across the globe over the last 24 hours. The attack hit major companies in countries like Spain, India, and the UK, and now appears to have reached the US.

"We confirm our company's computer network was compromised today as part of global hack," American pharmaceutical company Merck & Co tweeted. "Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more."

The New Jersey-based drugmaker made the announcement around 11 am on Monday. Internal communications instructed employees to disconnect mobile devices from the network and refrain from posting on social media, according to the Philadelphia Inquirer.

“The company is currently experiencing a hostile ransomware attack on its network systems,” the internal communication said. “While IT risk management and global security respond to this threat please remain calm.”

The company had reported sizeable stock market gains just that day, after revealing that a promising new cholesterol drug had passed major tests.

Meanwhile, the Petya attack had already hit at least five other countries. Russia's top oil producer, Britain's biggest advertising agency, and a major Danish shipping company were all affected.

In Ukraine, the attack was being described as the biggest in the country's history. Ukraine’s national bank, state power company and largest airport all saw their networks crash as a result.

“The official site of the airport and the scoreboard with the schedule of flights aren't working!” Boryspil International Airport acting director Pavel Ryabikin wrote on Facebook.

ATMs and supermarket tills were also left inoperable, flashing a message left by the hackers.

Ransomware works by locking users out of their computers and demanding a ransom in order to re-gain entry. The ransom in his virus is reported to be $300 (£235).

Analysts say this virus appears to function similarly to the WannaCry bug that infected more than 230,000 computers in 150 countries last month. That virus also spread quickly across the globe, locking down NHS computers in Britain and causing thousands of appointments and procedures to be delayed.

The British National Cyber Security Centre said on Monday that it was "aware of the global ransomware incident" and is "monitoring the situation closely".

The US Computer Emergency Readiness Team, a subset of the Department of Homeland Security, said they had received "multiple reports" of Petya ransomware on networks "around the world". They discouraged those affected from paying the ransom, and urged consumers to update any unpatched and unsupported software.