Computers and departure boards at Boryspil International Airport in Kiev - the largest in Ukraine - were also affected. And law firm DLA Piper said it had taken down its systems in response to "a serious global cyber incident".
"It seems to be done by professionals criminals, and I think money is the motivation", said Sean Sullivan, a researcher at the Finnish cybersecurity group F-Secure.
He said that a radiation leak was avoided due to "excess levels of control" at the plant but staff have had to manually monitor radiation levels, because they can't access the metrics on their computers.
Group IB said the ransomware infects and locks a computer, and then demands a $300 ransom to be paid in Bitcoins.
Tweeted on 27 June by Maxim Eristavi, a fellow at Atlantic Council - and sourced from Twitter user Mikhail Golub - the picture shows bewildered shoppers looking on in confusion as every single computer terminal clearly displayed the ransomware demand.
Ukraine appears to have been particularly hard hit, with the country's government reporting that some of its systems, as well as those of key institutions including banks and telecom providers, had been affected.
"As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations", the central bank said in a statement.
Russian state oil giant Rosneft said earlier that its servers suffered a "powerful" cyberattack but thanks to its backup system "the production and extraction of oil were not stopped".
"Organizations in Russian Federation and the Ukraine are the most affected, and we have also registered hits in Poland, Italy, the UK, Germany, France, the United States and several other countries", Kaspersky said in a statement.
The US Department of Homeland Security said it was monitoring reports of cyber attacks around the world and coordinating with other countries.
"Our global special situations management team is in place, and they are working to resolve the situation as quickly as possible", the company said in a statement.
Some cases of European companies with offices in the United States or based in the USA hit by the widespread attack were also reported.
In the U.S, a hospital in western Pennsylvania said it was dealing with a "widespread" cyberattack, but didn't immediately release further details.
The plant's destroyed reactor was enclosed in a huge metal structure past year in a bid to stop radiation leaks at the site, where more than 200 tonnes of uranium remain.