
'Petya' Cyberattack Hits Ukraine, And Experts Say It's Spreading Globally

A message demanding money is seen on a terminal monitor at a branch of Ukraine's state-owned Oschadbank after Ukrainian institutions were hit by a wave of cyberattacks earlier Tuesday in Kiev, Ukraine.
Valentyn Ogirenko Reuters
Updated at 4:47 p.m. ET

Ransomware hit at least six countries Tuesday, including Ukraine, where it was blamed for a large and coordinated attack on key parts of Ukraine's infrastructure, from government agencies and electric grids to stores and banks.

The malware is being called "Petya" — but there is debate in the security community over whether the ransomware is new or a variant that has been enhanced to make it harder to stop.

In either case, experts warn that it could spread globally, raising fears of a widespread attack like the WannaCry outbreak that struck in May.

The Maersk shipping company, based in Denmark, confirmed that its "IT systems are down across multiple sites and business units due to a cyber attack."

In the U.S., Department of Homeland Security spokesman Scott McConnell says the agency is "monitoring reports of cyber attacks affecting multiple global entities and is coordinating with our international and domestic cyber partners."

Any requests for help from DHS are confidential, McConnell says.

Computers hit by the malware display a locked screen that demands a payment to retrieve files. The malware promises to provide a specialized key to users who pay a ransom of $300 in bitcoins — the same ploy used by the WannaCry ransomware, which affected computers in more than 150 countries.

WannaCry was based on exploits stolen from the National Security Agency — including a program called EternalBlue, which exploited a Microsoft vulnerability. Petya reportedly shares some of WannaCry's traits — but while computers that had gotten a security patch were safe from WannaCry, Petya can also infect patched machines.

Mikko Hypponen, chief research officer at F-Secure, says Petya uses other exploits to spread in internal systems. "That's why patched systems can get hit."

Signs that this is a new strain led Kaspersky Lab malware analyst Vyacheslav Zakorzhevsky to say the outbreak comes from a "new ransomware we haven't seen before."

In an update, Kaspersky Lab said the attack has hit thousands of users, in Russia, Ukraine, Poland, Italy, the U.K., Germany, France and the U.S. Kaspersky is an NPR funder.

Raj Samani, head of strategic intelligence at McAfee, echoed these assessments.

"This outbreak does not appear to be as great as WannaCry," Samani said in a statement, "but the number of impacted organizations is significant."

Ukraine's security experts are working to fix the problem, according to the government portal. Until the issue is resolved, the government said, Ukrainians should simply turn off their computers.

While the malware's most concentrated effects were reported in Ukraine, several companies and at least one utility in Russia were also reportedly affected.

From Moscow, NPR's Lucian Kim reports, "Ukraine has blamed Russia for cyberattacks in the past, a charge Moscow denies. A number of Russian companies, including the state oil giant Rosneft, have also reported suffering cyberattacks today."

The attack struck at 2 p.m. local time, Ukraine's government says. The country's National Bank was among the first to report a problem. In Russia, the malware hit companies such as Mars, Nivea and Mondelez International, according to the Tass news agency.

Anton Gerashchenko, a lawmaker and adviser to Ukraine's interior minister, says he believes that despite its appearance as a ransomware hack, the attack is actually the work of Russian agents waging a type of hybrid warfare to try to destabilize Ukraine.

The malware was delivered in emails that had been created to resemble business correspondence, Gerashchenko said on his Facebook page. He added that the attack took days and likely weeks to stage before being activated.

Copyright 2017 NPR. To see more, visit http://www.npr.org/.