A massive ransomware attack has hit computers and servers across the globe causing turmoil in its path.

Here's what we know so far.

How did it start?

The attack first shut down operations in Russia and Ukraine before spreading to computers in Romania, the Netherlands, Norway, France, Spain, and Britain.

In a matter of hours, the attack had gone global, hitting the US and India.

Some businesses in Australia — including the Cadbury chocolate factory in Hobart — were also affected.

Key points: The attack first shut down operations in Russia and Ukraine before going global

The attack first shut down operations in Russia and Ukraine before going global Experts are scrambling to determine the scope and impact of the attacks

Experts are scrambling to determine the scope and impact of the attacks It is believed the latest attack might be a ransomware virus called Petya

How does it work?

It's now believed to be a variant of past viruses derived from code known as Eternal Blue developed by the US National Security Agency (NSA).

In the Ukraine, it silently infected computers after users downloaded a popular tax accounting package or visited a local news site.

It freezes a user's computer until a "ransom" of $US300 ($395) is paid in virtual currency bitcoin.

More than 30 victims have reportedly paid up.

Experts have said it's not as virulent as last month's WannaCry attack.

The virus can leap from computer to computer once unleashed within an organisation but — unlike WannaCry — it could not randomly trawl the internet for its next victims.

The director of the Australian Centre for Cyber Security at UNSW, Professor Jill Slay, said the attack seemed to be in Europe, Russia and reaching the US.

"It spreads apparently by having a 'bad' instruction — like a small piece of computer code — hidden inside a Word or PDF document," Professor Slay said.

"This bad instruction attacks a Windows operating system basically taking over a computer — in this case it seizes the files and encrypts them and then the bad guys ask for money to decrypt — this means you cannot open or read your own files."

Who started it and how can we trace them?

Hackers have asked to be paid in Bitcoin. ( AFP: George Frey )

The source is still unknown.

And even if people pay a ransom through bitcoin, it's virtually untraceable.

"It is being suggested that the roots of this are in the Ukraine," Professor Slay said.

"This is the kind of issue that investigators have determined from the fact that original accompanying emails are written in Russian and Ukrainian.

"However, attribution is always difficult."

Companies and government agencies confirmed to be affected: Merck: second-largest drug maker in the United States, based in New Jersey

Merck: second-largest drug maker in the United States, based in New Jersey Rosneft: Russia's largest oil company, partly state-owned

Rosneft: Russia's largest oil company, partly state-owned Ukraine: power grid, banks, government offices and international airport

Ukraine: power grid, banks, government offices and international airport TNT Express: Netherlands-based transport company

TNT Express: Netherlands-based transport company AP Moller-Maersk: oil and shipping company based in Copenhagen, Denmark

AP Moller-Maersk: oil and shipping company based in Copenhagen, Denmark Mondelez International: US food and drinks company based in New Jersey

Mondelez International: US food and drinks company based in New Jersey DLA Piper: global law firm based in US and UK

DLA Piper: global law firm based in US and UK Heritage Valley Health System: hospital and health care system near Pennsylvania

Heritage Valley Health System: hospital and health care system near Pennsylvania WPP: advertising company based in London

Will this latest attack have ramifications for businesses and should they pay the ransom?

Professor Slay said it remained to be seen whether they should pay up.

"We don't know whether they really do decrypt if the price is paid," she said.

She said even if they haven't been hacked, businesses should do the due diligence and be prepared.

"They should update all Windows systems if not updated and make sure all critical files are backed up," she said.

"Businesses should also have a look at control systems which may not get fast updates since this virus seems to be attacking control systems [electricity, transport etc]."

Should regular Australians be worried and are they at risk?

They could be.

Professor Slay said Australian home computer users should make sure they:

Back up files

Back up files Turn on Microsoft updates

Turn on Microsoft updates Take special care not to open emails with PDF or Word attachments if they are not expecting them or if they do not know the sender

What is the first sign you might have been hacked?

You'll see this:

Loading

"I think it is an email asking for ransom and inability to open files or systems seizing up," Professor Slay said.

Will turning your computer off quickly stop the hackers from accessing your information?

Professor Slay said this was unlikely to protect you.

"I would think not, once the attachment is open — if this is really the only way it is being spread — then it will work very quickly," she said.

"Just be really careful to back up, update Windows and applications, do not open unexpected attachments to emails — this is what we should be doing anyway — and install antivirus software if you do not have it already."

But, there is a school of thought that the sooner you turn off your computer, the better as your files might not be encrypted yet."