Ransomware hits China schools; Europe fears more attacks

Few disruptions elsewhere in Asia, while European officials warn of new virus versions

Updated

Published

May 16, 2017, 05:00 AM

LONDON • The WannaCry ransomware cyber attack hobbled Chinese traffic police and schools as it rolled into Asia for the new work week, while the authorities in Europe said they were trying to prevent hackers from spreading new versions of the virus.

In Britain, where the WannaCry virus first raised global alarm when it caused hospitals to divert ambulances last Friday, some victims were ignoring official advice and paying the US$300 (S$420) ransom demanded by the cyber criminals to unlock their computers.

Companies and governments spent the weekend upgrading software to limit the spread of the virus, which has locked up hundreds of thousands of computers at factories, hospitals, shops and schools in more than 150 countries.

Yesterday was the first big test for Asia, where most offices had already been closed for the weekend before the attack first started.

However, officials and security firms in China said the spread was starting to slow.

"The growth rate of infected institutions on Monday has slowed significantly compared with the previous two days," said Chinese Internet security company Qihoo 360.

US and European officials scrambled to catch the culprits behind a massive ransomware worm that caused damage across the globe over the weekend, amid fears it could wreck fresh havoc on Monday when employees return to work.

Employees watching an electronic board to monitor possible cyber attacks at the Korea Internet and Security Agency in Seoul yesterday. PHOTO: EUROPEAN PRESSPHOTO AGENCY

"Previous concerns of a widescale infection of domestic institutions did not eventuate."

Qihoo had previously said the attack had infected close to 30,000 organisations by Saturday evening, more than 4,000 of which were educational institutions.

There were few disruptions in the rest of Asia, including Japan, India, South Korea and Australia.

However, France, where carmaker Renault was among the world's highest-profile victims, said more attacks were likely.

"We should expect similar attacks regularly in the coming days and weeks," said Mr Guillaume Poupard, head of French government cyber security agency Anssi.

"Attackers update their software... other attackers will learn from the method and will carry out attacks."

The WannaCry ransomware worm hits governments and businesses across Asia and experts warn of a wider impact to come globally as employees returning from the weekend switch on computers and check e-mails.

Russian President Vladimir Putin denied that his country, which has been accused of cyber meddling in several countries in recent years, had anything to do with the attack.

He said on the sidelines of a summit in Beijing that the incident was "worrisome", but had done "no significant damage" in Russia, and called for urgent international talks on countering the hackers.

The indiscriminate attack exploits known vulnerabilities in older Microsoft computer operating systems.

The attack blocks computers and puts up images on victims' screens that demand payment of US$300 in the virtual currency bitcoin, saying: "Ooops, your files have been encrypted!"

Payment is demanded within three days or the price is doubled and, if no payment is received within seven days, the locked files will be deleted, according to the screen message.

The culprits used a digital code believed to have been developed by the US National Security Agency, according to researchers at the Moscow-based computer security firm Kaspersky Lab.

So far, the main targets of the attack have been outside the United States, but this week could bring a wave of cyber attacks to the country, warned Mr Caleb Barlow, vice-president of threat intelligence for IBM.

"How the infections spread across Asia, then Europe overnight will be telling for businesses here in the United States," he said.

REUTERS, AGENCE FRANCE-PRESSE, NYTIMES