Chaos as hospitals, telcos and schools hit

Full extent of damage still to be determined as initial impact was over the weekend

Above: A window announcing the encryption of data including a requirement to pay appears on an electronic timetable display at the railway station in Chemnitz, eastern Germany, last Friday. Left: The website of the NHS: East and North Hertfordshire n
A window announcing the encryption of data including a requirement to pay appears on an electronic timetable display at the railway station in Chemnitz, eastern Germany, last Friday. PHOTOS: AGENCE FRANCE-PRESSE
Above: A window announcing the encryption of data including a requirement to pay appears on an electronic timetable display at the railway station in Chemnitz, eastern Germany, last Friday. Left: The website of the NHS: East and North Hertfordshire n
The website of the NHS: East and North Hertfordshire notifying users of a problem in its network, also last Friday. PHOTOS: AGENCE FRANCE-PRESSE

LONDON • Last Friday's cyber attack affected some hospitals, schools, universities and other institutions in Asia, though the full extent of the damage is not yet known because it is the weekend.

"I believe many companies have not yet noticed," said Mr William Saito, a cyber-security adviser to Japan's government. "Things could likely emerge on Monday" as staff return to work.

China's information security watchdog said "a portion" of Windows systems users in the country were infected, according to a notice posted on the official Weibo page of the Beijing branch of the Public Security Bureau yesterday. Xinhua state news agency said some secondary schools and universities were hit.

In Vietnam, Mr Vu Ngoc Son, a director of Bkav Anti Malware, said dozens of cases of infection had been reported there, but he declined to identify any of the victims.

South Korea's Yonhap news agency reported a university hospital had been affected, while a communications official in Indonesia said two hospitals there had been hit.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers last Friday.

International shipper FedEx said some of its Windows computers were also breached. "We are implementing remediation steps as quickly as possible," a FedEx statement said.

Telecommunications company Telefonica was among many targets in Spain. Portugal Telecom and Telefonica Argentina both said they were also targeted.

Russia's interior and emergencies ministries, as well as its biggest bank, Sberbank, said they were targeted by ransomware. The Interior Ministry said about 1,000 computers had been infected but it had localised the virus.

Only a small number of United States-headquartered organisations were hit because the hackers appear to have begun the campaign by focusing on targets in Europe, said Mr Vikram Thakur, principal research manager at Symantec.

By the time they turned their attention to the US, spam filters had identified the new threat and flagged the ransomware-laden e-mails as malicious, he added.

The spread of the ransomware capped a week of cyber turmoil in Europe that began when hackers posted a trove of campaign documents tied to French candidate Emmanuel Macron just before a run-off vote in which he was elected president of France.

On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus.

The hack happened four weeks before a British general election on June 8, in which national security and the management of the state-run National Health Service (NHS) are important issues.

The attack caused some British hospitals to stop accepting patients, doctor's offices to shut down, emergency rooms to divert patients, and critical operations to be cancelled as a decentralised system struggled to cope.

At some hospitals, nurses could not even print out name tags for newborn babies.

At the Royal London Hospital in East London, hotel cook George Popescu, 23, showed up with a forehead injury.

"My head is pounding and they say they can't see me," he said. "They said their computers weren't working. You don't expect this in a big city like London."

Many of the NHS computers still run Windows XP, whose maker Microsoft discontinued the security updates for it in 2014. It made a patch, or fix, available in newer versions of Windows for the flaws that were exploited in Friday's attack.

Several news reports have addressed the outdated systems of the NHS that potentially left confidential patient data vulnerable to attack. Last November, Sky News did an investigation showing that units of the NHS, serving more than two million people, spent nothing on cyber security in 2015.

Ms Jennifer Arcuri, of Hacker House, which worked with Sky on the report, said then: "I would have to say that the security across the board was weak for many factors."

Last Friday, she said on Twitter: "We told every(one) back in Nov this would happen! @myhackerhouse identified NHS trusts putting patient data at risk."

Ms Esther Rainbow, a manager of cardiac services at the Barts unit of the NHS in London, described how they had to revert to the old paper system.

"For us, the main issue has been getting information," she said. "At Barts, we were told not to use our work mobiles and to turn off all Wi-Fi. Later in the day, we were told to unplug everything from the network. The main impact in terms of the diagnostics was that we had no idea who was turning up and which patient was seeing which unit," she added.

"As the day went on, it felt a little bit more scary as we were told to shut things down and unplug things. We also don't know what other patients are due to come in," she said.

REUTERS, NYTIMES

WATCH THE VIDEO

Chaos across hospitals in Britain as computers shut down. http://str.sg/46hn

File

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Sunday Times on May 14, 2017, with the headline Chaos as hospitals, telcos and schools hit. Subscribe