China hit by cyber virus, Europe tries to stop attacks
Shares in firms that provide cybersecurity services rise
BEIJING/LONDON (Reuters) – The WannaCry “ransomware” cyber attack hobbled Chinese traffic police and schools on Monday as it rolled into Asia for the new work week, while authorities in Europe said they were trying to prevent hackers from spreading new versions of the virus.
In Britain, where the virus first raised global alarm when it caused hospitals to divert ambulances on Friday, it gained traction as a political issue just weeks before a general election. The opposition Labour Party accused the Conservative government of leaving the National Health Service vulnerable.
Shares in firms that provide cybersecurity services rose with the prospect that companies and governments would have to spend more money on defenses.
Some victims were ignoring official advice and paying the $300 ransom demanded by the cyber criminals to unlock their computers, which was due to double to $600 on Monday for computers hit by Friday’s first wave.
Brian Lord, managing director of cyber and technology at cybersecurity firm PGI, said victims had told him “the customer service provided by the criminals is second to none,” with helpful advice on how to pay: “One customer said they actually forgot they were being robbed.”
Although the virus’s spread was curbed over the weekend in most of the world, France, where carmaker Renault was among the world’s highest-profile victims, said more attacks are likely.
“We should expect similar attacks regularly in the coming days and weeks,” said Giullaume Poupard, head of French government cybersecurity agency ANSSI. “Attackers update their software... other attackers will learn from the method and will carry out attacks.”
Companies and governments spent the weekend upgrading software to limit the spread of the virus. Monday was the first big test for Asia, where offices had already mostly been closed for the weekend before the attack first arrived.
British media were hailing as a hero a 22-year-old computer security whiz who appeared to have helped stop the attack from spreading by discovering a “kill switch” – an Internet address that halted the virus when activated.
China appeared over the weekend to have been particularly vulnerable, raising worries about how well the world’s second-largest economy would cope when it opened for business on Monday. However, officials and security firms said the spread was starting to slow.
“The growth rate of infected institutions on Monday has slowed significantly compared to the previous two days,” said Chinese Internet security company Qihoo 360. “Previous concerns of a wide-scale infection of domestic institutions did not eventuate.”
Qihoo had previously said the attack had infected close to 30,000 organizations by Saturday evening, more than 4,000 of which were educational institutions.
The virus hit computers running older versions of Microsoft software that had not been recently updated. Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks.
In a blog post on Sunday, Microsoft president Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The attack made use of a hacking tool built by the US National Security Agency that had leaked online in April.
Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading. Some have also been machines involved in manufacturing or hospital functions, difficult to patch without disrupting operations.
“The government’s response has been chaotic, to be frank,” the British Labour Party’s health spokesman Jon Ashworth said. “They’ve complacently dismissed warnings which experts, we now understand, have made in recent weeks.”
“The truth is, if you’re going to cut infrastructure budgets and if you’re not going to allow the NHS to invest in upgrading its IT, then you are going to leave hospitals wide open to this sort of attack.”
Britain’s National Health Service (NHS) is the world’s fifth-largest employer after the US and Chinese militaries, Walmart and McDonald’s. The government says that under a previous Labour administration the trusts that run local hospitals were given responsibility to manage their own computer systems.
Asked if the government had ignored warnings over the NHS being at risk from cyber attack, Prime Minister Theresa May told Sky News: “No. It was clear warnings were given to hospital trusts.”
An official from Cybersecurity Administration China told local media on Monday that while the ransomware was still spreading and had affected industry and government computer systems, the spread was slowing.