Petya cyber-attack still disrupting firms weeks later

Some businesses hit by malware in a cyber-attack that began on 27 June are still struggling to return operations to normal, the BBC has learned.

Nuance Communications, which provides transcription software for medical professionals, has slowly been bringing its products back online.

But one IT worker told the BBC that two US hospitals were still having issues.

A security researcher said the situation was "alarming" but praised the transparency of some companies.

The IT worker, who wished to remain anonymous, said: "We have been waiting for [Nuance Communications'] iChart [product] since they were first hit with the ransomware and are still waiting for it to come back.

"We will likely have to move to another product or even another vendor to get the same type of benefit."

A spokesman for Nuance Communications declined to comment on the matter, but directed the BBC to an update from 5 July.

On Monday, logistics company FedEx said customers of its TNT Express arm were still experiencing "widespread" service and invoicing delays.

Shipping giant Maersk was also affected by Petya.

Some port terminals managed by its subsidiary APM Terminals had to be shut down in the wake of the attack.

Maersk had restored all of its major systems and customer interfaces, a spokesman told the BBC.

But he added: "There are some delays on some processes due to manual workarounds or backlogs that needed to be cleared.

"In some cases our turn time to customers might be longer than usual, but we are nevertheless providing them with the services they expect from us."

There have been financial costs, too.

Some affected companies, including Mondelez International - which owns chocolate-maker Cadbury - and consumer health manufacturer Reckitt Benckiser, said the effect of the attack would deduct a few percentage points from their quarterly sales figures.

French construction giant Saint-Gobain, which recorded €39.1bn (£34.7bn) in sales in 2016, said sales in the first half of the current financial year would probably drop by about 1%.

"On one hand, it is alarming to see large multinational corporations still feeling the impact and attempting to recover systems," said security researcher Kevin Beaumont.

"On the other hand, it is good to see some of the businesses communicating so openly about the problems they are experiencing."

Both Mr Beaumont and Mikko Hypponen, at cyber-security company F-Secure, have praised Maersk's openness.

The wave of malware infections that unfolded during the Petya cyber-attack appeared to begin in Ukraine at the end of June.

Since then, about £8,000 of ransom payments in Bitcoin have been moved from a digital wallet - but it is still not known who was behind the attack.