Japan and China wake up to global 'ransomware' cyberattack while Microsoft slams US government 

Network cables are seen going into a server
A massive ransomware worm hit thousands of computer systems around the world Credit: AFP

Japan and China have fallen victim of a global "ransomware" cyberattack that has created chaos in 150 countries as Microsoft pinned blame on the US government for not disclosing more software vulnerabilities.

The initial attack, known as "WannaCry," paralyzed more than 200,000 computers, including those which that run Britain's hospital network, Germany's national railway and other companies and government agencies worldwide, in what's believed to be the biggest online extortion scheme ever.

Nissan Motor confirmed on Monday some units had been targeted, but there was no major impact on its business.

Hitachi spokeswoman Yuko Tainiuchi said emails were slow or not getting delivered, and files could not be opened. The company believes the problems are related to the ransomware attack, although no ransom is being demanded. They were installing software to fix the problems.

The Japan Computer Emergency Response Team Coordination Center, a non-profit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.

A few individuals also reportedly were affected.

Meanwhile, Chinese state media say more than 29,000 institutions across the country have been infected.

Xinhua News Agency reports that by Sunday evening, 29,372 institutions had been infected along with hundreds of thousands of devices. It cited the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company.

It says universities and educational institutions were among the hardest hit, numbering 4,341, or about 15 percent of internet protocol addresses attacked. Also affected were railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services.

Xinhua says the system used by PetroChina's gas stations was attacked, meaning customers could not use their cards to pay. Most stations had recovered.

Australia and New Zealand appeared to have escaped largely unscathed as they woke up for their first business day since the attack, which started after hours on Friday Australian time.

Cyber security minister Dan Tehan said on Monday that just three businesses had been hit by the bug, despite worries of widespread infection. There were no reported cases in New Zealand.

"At this stage, it does seem like that we have missed the major impact of this ransomware incident," Mr Tehan said on Australian Broadcasting Corp (ABC) radio.

Meanwhile South Korea's presidential Blue House office said on Monday there have been nine cases of ransomware found in the country so far, but did not provide details on where the cyber attacks were discovered.

South Korean authorities have been analysing 48 samples of the cyber worm and the government has warned South Koreans how to protect their computers from being taken hostage, said Blue House spokesperson Yoon Young-chan in a media briefing.

Australia and New Zealand appeared to have escaped largely unscathed as they woke up for their first business day since a massive ransomware worm hit thousands of computer systems around the world, disrupting operations at hospitals, shops and schools

The spread of the worm dubbed WannaCry - "ransomware" that -

Cyber security experts in the United States and Europe said the spread had slowed on Sunday, but warned the respite might be brief amid fears it could cause new havoc on Monday when employees return to work. New versions of the worm are expected, the experts said, and the extent - and economic cost - of the damage from Friday's attack were unclear.

In Australia, Alistair MacGibbon, special advisor to prime minister Malcolm Turnbull on Cyber Security, said some small businesses would likely be hit "but as a whole of nation we can be confident, so far, that we have missed the worst of this."

"We have seen no impact on our critical infrastructure, we have seen no impact in the health systems which is important, we have had no reports of any government agencies, state, territories or commonwealth impacted by this," Mr MacGibbon said.

Mr Tehan declined to provide details on the three affected companies, but said the first Australian company reported as hit was not "a government organisation or a hospital or anything like that."

In New Zealand, the Government Communications Security Bureau said it had not received any reports of the malware infection. The bureau had raised its cyber security of critical infrastructure, government departments and key businesses, it added.

Mr MacGibbon said it was still not known how the virus had originated and then spread, although it was likely the transmission included email.

Two Indonesian hospitals were also affected by the attack, with the communication and information ministry saying that the malware locked patient files on computers at the affected hospitals, both in the capital Jakarta.

Local media reported on Monday that patients arriving at Dharmais Cancer Hospital on the weekend were unable to get queue numbers and had to wait several hours while staff worked with paper records.

In a blog post on Sunday, Microsoft president Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the US National Security Agency (NSA), that leaked online in April.

"This is an emerging pattern in 2017," Mr Smith wrote. "We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world."

He also poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret - in order to conduct espionage and cyber warfare - against sharing those flaws with technology companies to better secure the internet.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Smith wrote. He added that governments around the world should "treat this attack as a wake-up call" and "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

The NSA and White House did not immediately respond to requests for comment about the Microsoft statement, news agency Reuters reported.

  • The Telegraph Cyber Security conference, May 25 at IET London, Savoy Place, will focus on how business can protect themselves through leadership and resilience. Tickets are still available, here.

 

License this content