Companies and governments are being targeted by an updated version of a known virus, Europol said.
Its warning came as an international cyber attack caused disruption for major organisations including advertising firm WPP, European bank BNP Paribas and parts of the Ukrainian government's computer systems.
Europol, which helps EU member states fight international crime, said the latest attack, the second in as many months, is more sophisticated than one in May that affected the NHS among others. The group is monitoring the spread of the virus.
Europol executive director Rob Wainwright said: "This is another serious ransomware attack with global impact, although the number of victims is not yet known.
"There are clear similarities with the WannaCry attack, but also indications of a more sophisticated attack capability, intended to exploit a range of vulnerabilities.
"It is a demonstration of how cybercrime evolves."
While Europol says there are close links to the Petya virus, a type of malware thought to be responsible for the latest hack, global security firm Kaspersky Lab offered an alternative explanation.
Kaspersky Lab said the cyber attack was a new form of malware that shared similarities to the Petya malware but also "possesses entirely different functionality".
The company said the virus has attacked around 2,000 users so far, with Ukraine and Russia the worst-affected, and users in Poland, Italy, the UK, Germany, France and the US also hit.
In this attack, the virus encrypts computer files then demands payment of 300 dollars (£235) ransom in the online currency bitcoin in exchange for the captured data.
Advertising giant WPP said that a day after the ransomware struck, the company was still trying to restore services that had been disrupted.
In an email, the firm said: "Having taken steps to contain the attack, the priority now is to return to normal operations as soon as possible while protecting our systems."
A BNP Paribas spokeswoman said: "The necessary measures were taken rapidly to contain this attack."
She would not comment on whether or not the systems of the company's real estate arm were still down.
Two hospitals in the US were also affected, as well as pharmaceutical company Merck, and Cadbury owner Mondelez International.
Ukraine seems to be the worst affected by the ransom-demanding virus.
The malware hit on Tuesday, one day before a Ukrainian national holiday marking its independence from the Soviet Union and the creation of the country's constitution.
Ukrainian deputy prime minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government's headquarters had been shut down.
Russia's Rosneft energy company also reported being hit, as did shipping company AP Moller-Maersk, which said every branch of its business was affected.
Courier company FedEx said its TNT Express subsidiary had been "significantly affected" by the virus.
In a statement on Wednesday FedEx said the "operations and communications systems" of TNT Express had been disrupted, but there had been no data breach and other FedEx companies are not affected.
The company said: "Remediation steps and contingency plans are being implemented as quickly as possible.
"TNT Express domestic country and regional network services are largely operational, but slowed.
"We are also experiencing delays in TNT Express inter-continental services at this time. We are offering a full range of FedEx Express services as alternatives."
Customers are advised to call TNT Express Customer Service or visit www.tnt.com for updates.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereLast Updated:
Report this comment Cancel