WannaCry could have infected computers linked to some 500 IP addresses in Singapore

A programmer shows a sample of a ransomware cyberattack on a laptop in Taipei, Taiwan, on May 13, 2017.
A programmer shows a sample of a ransomware cyberattack on a laptop in Taipei, Taiwan, on May 13, 2017.PHOTO: EPA

SINGAPORE - Home and business computers tied to some 500 Internet protocol addresses or Internet accounts in Singapore could have been infected by the global ransomware WannaCry, said the Cyber Security Agency (CSA) of Singapore late Tuesday (May 16).

However, files in these computers might not be locked down by the ransomware, said Mr Dan Yock Hau, director of the National Cyber Incident Response Centre, in a statement.

The spread of WannaCry was stopped thanks to an accidental move by a 22-year-old researcher, who identified himself only as MalwareTech, reported The Guardian.

The researcher at Kryptos logic, an Los Angeles-based threat intelligence company, registered a garbled domain name hidden in the malware and stopped the virus in its tracks on Saturday. The researcher operates out of his family home in an English coastal town.

The National Cyber Incident Response Centre is a unit of CSA, which is working with the Infocomm Media Development Authority and Internet Service Providers (ISPs) to inform the potentially affected users. Affected users are advised to patch and clean up their systems as experts had warned that the attack could be rebooted.

Even so, CSA maintained that no information infrastructure in critical sectors such as healthcare, transport, telecommunications and finance have been affected as at end Tuesday. The Straits Times understands that the infection is tapering off in Singapore.

A small number of calls, however, did come from businesses and members of the public seeking more information on ransomware prevention and patching, said CSA.

"There were no calls asking for help to recover from the ransomware," said Mr Dan, noting that CSA will continue to monitor the situation closely.

Help is available via e-mail at singcert@csa.gov.sg or by calling 6323-5052. The public can also check www.csa.gov.sg/singcert for any advisory.

Singtel customers can call 1688, while its SME customers can call 1606. StarHub customers can call 1633, and its SME customers can call 1800-888-8888 for advice.

Variants of the worm started attacking Microsoft Windows machines last Friday (May 12). Old, unsupported systems such as Windows XP or Windows Server 2003 were vulnerable, and so were current Microsoft Windows systems that have not been fixed with a software patch released in March (2017).

Infected systems were locked down with a note demanding for ransom - earning WannaCry the term "ransomware".

Infection comes when users click on a bogus link or attachment in the e-mail. The virus has the ability to spread to multiple machines over a corporate intranet using a feature believed to have been developed by the United States National Security Agency - causing the attack to be unprecedented in scale by any ransomware.

WannaCry crippled hospitals in England and Scotland, government agencies in China and Russia, railway operations in Germany and car production facilities in France. Indonesia's Dharmais Cancer Hospital also could not access to patients' medical records.

The only known victim in Singapore is MediaOnline, which supplies digital signage to malls such as Tiong Bahru Plaza and White Sands.