Several private companies have confirmed that they were struck by the attack, including:

• The American pharmaceutical giant Merck. • The Danish shipping company AP Moller-Maersk. • The British advertising firm WPP. • The French multinational Saint-Gobain. • A unit of the bank BNP Paribas. • The Russian steel and mining company Evraz. • The Russian energy company Rosneft. • The American food company Mondelez International.

Trading of FedEx’s shares were briefly halted on Wednesday after the company said that the global operations of a subsidiary, TNT Express, had also been impacted.

WHAT THE RANSOMWARE IS Cybersecurity researchers first called the new ransomware attack Petya, as it was similar to a ransomware strain known by that name that was first reported by Kasperksy in March 2016. But Kaspersky later said that its investigation into the new attack found that it was a type of ransomware that had never been seen before.

Photographs and videos of computers affected by the attack showed a message of red text on a black screen: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”

Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue. The exploit was leaked online last April by a mysterious group of hackers known as the Shadow Brokers, who have previously released hacking tools used by the National Security Agency. That vulnerability was used in May to spread the WannaCry ransomware, which affected hundreds of thousands of computers in more than 150 countries.

PEOPLE ARE PAYING Cybersecurity researchers identified a Bitcoin address to which the attackers are demanding a payment of $300 from their victims. At least some appear to have paid the ransom (As of Wednesday morning, the address had logged 45 transactions), even though the email address used by the attackers was shut down. That removes the possibility that the attackers could restore a victim’s access to their computer networks, even once ransom is paid.