A ransomware attack has struck across the globe, taking out servers at Russia's biggest oil company and shutting down computers at multinational businesses, including the Australian offices of a global law firm.

Key points: The attack first shut down operations in Russia and Ukraine before going global

The attack first shut down operations in Russia and Ukraine before going global Experts are scrambling to determine the scope and impact of the attacks

Experts are scrambling to determine the scope and impact of the attacks It is believed the latest attack might be a ransomware virus called Petya

The malicious software locks up computer files with all-but-unbreakable encryption and then demands a ransom in the virtual currency bitcoin for its release.

Global law firm DLA Piper has told Australian staff it has been the victim of a "major cyber incident" overnight.

Australian staff were advised via text early this morning that all DLA Piper IT systems have been taken down to contain the situation and have been warned not to attempt to log in to their computers or turn them on.

DLA has told staff it is unlikely IT systems will be fully restored during the course of the business day in the Asia-Pacific region.

"The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware," a DLA spokesperson said.

"We are taking steps to remedy the issue as quickly as possible."

In an SMS to staff, DLA says its IT systems have been taken down to contain the situation. ( Supplied )

The Cadbury chocolate factory in Hobart has also been targeted.

A union official said production was halted yesterday when the factory's computer system went down about 9:30pm.

AP Moller-Maersk, a Denmark-based oil and shipping company confirmed they were also hit in the so-called Petya attack which had affected "multiple sites and select business units".

While it was unclear whether computers at Maersk's Australian sites were infected by the virus, the phone lines at the company's Sydney office were initially down, and later played a prerecorded message.

"We can confirm that our systems are down across multiple sites basically because of the cyber attack," the message said.

"We continue to assess the situation ... our operations and our customers are our top priority. We will update when we have more information."

In a private memo sent to all staff, Maersk confirmed they had detected ransomware on a number of their global systems, ordering all employees to immediately turn off all PCs and that no information of the incident be shared to social media.

The memo said the company had contained the issue and was now working on a technical recovery plan.

International courier company TNT said it was assessing whether the same attack was responsible for "interference" in its IT system.

"Like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network," it said in a statement.

The origins of the malware remain unclear. Researchers picking the program apart found evidence its creators had borrowed from leaked National Security Agency code, raising the possibility that the digital havoc had spread using US taxpayer-funded tools.

'It's like WannaCry all over again'

Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a kill-switch and included code known as "Eternal Blue".

"It's like WannaCry all over again," said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.

"Someone tell Asia and Australia to go back to bed and not check email this morning," cyber security expert Sergio Caltagirone wrote on Twitter.

Companies and government agencies confirmed to be affected: Merck: second-largest drug maker in the United States, based in New Jersey

Merck: second-largest drug maker in the United States, based in New Jersey Rosneft: Russia's largest oil company, partly state-owned

Rosneft: Russia's largest oil company, partly state-owned Ukraine: power grid, banks, government offices and international airport

Ukraine: power grid, banks, government offices and international airport TNT Express: Netherlands-based transport company

TNT Express: Netherlands-based transport company AP Moller-Maersk: oil and shipping company based in Copenhagen, Denmark

AP Moller-Maersk: oil and shipping company based in Copenhagen, Denmark Mondelez International: US food and drinks company based in New Jersey

Mondelez International: US food and drinks company based in New Jersey DLA Piper: global law firm based in US and UK

DLA Piper: global law firm based in US and UK Heritage Valley Health System: hospital and health care system near Pennsylvania

Heritage Valley Health System: hospital and health care system near Pennsylvania WPP: advertising company based in London

The Federal Minister responsible for cyber security, Dan Tehan, said the Government was doing all it could to prevent further outbreaks.

"We have been in contact with our Five Eyes partners and the national cyber security centres in those countries to get a good sense as to what is occurring," he told the ABC.

"We are monitoring the situation, we are in touch with other countries to see what impact is happening there.

"That is the best we can do at this stage."

Five Eyes is an intelligence alliance between Australia, Canada, New Zealand, the United Kingdom and the United States.

"The WannaCry incident of a month or so ago was a wake-up call for us on how this can start impacting across networks," the special adviser to the Prime Minister on cyber security, Alastair MacGibbon, said.

"We've always known this could happen. From a government point of view, our Computer Emergency Response Team will be reaching out to industry to make sure we're giving the right message."

Mr MacGibbon said if Australians were affected they should not pay any ransom.

"Our advice is you don't ever pay a criminal … There is no knowledge that they will actually unlock the system," he said.

"Attribution is always really hard online and the best advice we can give is how to prevent it from spreading and then of course we rake over the coals to try to work out who is behind it.

"It's just a sign again of how connected we are as a community, and we're not going to be less connected in time, that means we need to step our efforts up to protect ourselves."

The first reports of organisations being hit emerged from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, France, Spain, and Britain.

Within hours, the attack had gone global, hitting the United States and India, among others.

Experts said the latest ransomware attacks unfolding worldwide, dubbed GoldenEye, were a variant of an existing ransomware family called Petya.

It uses two layers of encryption which have frustrated efforts by researchers to break the code, according to Romanian security firm Bitdefender.

"There is no workaround to help victims retrieve the decryption keys from the computer," the company said.

Russian security software maker Kaspersky Lab, however, said its preliminary findings suggested the virus was not a variant of Petya but a new ransomware not seen before.

Mr Hypponen said he expected the outbreak to spread further in the Americas as workers turned on vulnerable machines, allowing the virus to attack.

'Nobody can recover your files'

After the WannaCry attack, organisations around the globe were advised to beef up IT security.

Loading

"Unfortunately, businesses are still not ready and currently more than 80 companies are affected," said Nikolay Grebennikov, vice-president for R&D at data protection firm Acronis.

Many of the victims of Tuesday's cyber attack said their computers were blocked with a demand for $US300 ($395) worth of bitcoin to restore access to its files.

More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.

Loading

"If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service," the message said.

Cyber security firms scrambled to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of hacking tool exploited by WannaCry, and to identify ways to stop the onslaught.

Ukraine was particularly badly hit, with Prime Minister Volodymyr Groysman describing the attacks on his country as "unprecedented".

An adviser to Ukraine's Interior Minister said the virus got into computer systems via "phishing" emails written in Russian and Ukrainian, designed to lure employees into opening them.

According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

Ukrainian Deputy Prime Minister Pavlo Rozenko said the Government's computer network had gone down and the central bank said a operation at a number of banks and companies, including the state power distributor, had been disrupted by the attack.

Last's month's fast-spreading WannaCry ransomware attack was crippled after a 22-year-old British security researcher Marcus Hutchins created a so-called kill-switch that experts hailed as the decisive step in slowing the attack.

Any organisation that heeded strongly worded warnings in recent months from Microsoft Corp to urgently install a security patch and take other steps appeared to be protected against the latest attacks.

ABC/wires