This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2017/05/15/world/asia/china-cyberattack-hack-ransomware.html

The article has changed 9 times. There is an RSS feed of changes available.

Version 3 Version 4
China Hit Hard by Hacking Attack as Asia Assesses Damage Cyberattack Spreads in Asia, Though No ‘Second Wave’ Is Seen
(about 4 hours later)
HONG KONG — Asia began to grapple on Monday with its share of the ransomware attacks taking aim at computers across the globe, with China reporting disruptions at tens of thousands of institutions. HONG KONG — A global cyberattack spread to thousands of additional computers on Monday as workers logged in at the start of a new workweek.
China at first seemed to have escaped the brunt of the breaches, but new cases kept emerging over the weekend. The state news media said on Monday that about 40,000 institutions had been struck; of those, 4,000 were academic. Universities, hospitals, businesses and daily life were disrupted, but no catastrophic breakdowns were reported. In Europe, where the cyberattack first emerged, officials said it appeared that a much-feared second wave based on copycat variants of the original malicious software had not yet materialized.
The numbers could grow as computer security experts assess the damage after the start of the workweek on Monday, though analysts said that cases in China, where the use of pirated software has long been a problem, were likely to be underreported. The new disruptions were most apparent in Asia, where many workers had already left on Friday when the attack broke out.
On social media, students reported being locked out of final papers, while other people said A.T.M.s, some government offices and the payment systems at gas stations had been affected. Talk of how to avoid the virus was widespread on the messaging app WeChat over the weekend. China alone reported disruptions at nearly 40,000 organizations, including about 4,000 academic institutions, figures that experts say are most likely to be low estimates, given the prevalence of pirated software there.
Some of the gems of higher education in China, including Tsinghua University and Peking University, were hit by the hacking, according to the state-run news media. The schools are centers of scientific and computing research for the government. The list of affected institutions includes two of China’s most prestigious institutions of higher education, Tsinghua and Peking Universities; a movie theater chain in South Korea; and blue-chip companies in Japan like Hitachi and Nissan, which emphasized that their business operations had not been impaired.
The cyberattack has afflicted 200,000 computers in more than 150 countries. Transmitted by email, the malicious software, or malware, locks users out of their computers, threatening to destroy data if a ransom is not paid.
The so-called ransomware continued to ripple through politics and markets on Monday. Russia’s president, Vladimir V. Putin, blamed the United States, noting that the malicious software used in the attack had originally been developed by the National Security Agency. (It was then stolen and released by an elite hacking group known as the Shadow Brokers.)
On Monday morning, 11 technology companies in China, mostly dealing in internet security, suspended trading after their stocks rose 10 percent, the daily limit. Shares in European cybersecurity firms gained in early trading on Monday, as investors appeared to target companies that would benefit from increased attention on keeping data, networks and computers secure.
The disruptions in China cast a shadow over a major international conference that Beijing is hosting to promote its $1 trillion “One Belt, One Road” initiative, with participation from world leaders like Mr. Putin.
On Chinese social media, students reported being locked out of final papers, while other people said that A.T.M.s, some government offices and the payment systems at gas stations had been affected. Talk of how to avoid the virus was widespread on the messaging app WeChat over the weekend.
Securities and banking regulators issued warnings to businesses and financial institutions to audit their networks before bringing computers online to limit damage from the intrusion. The securities regulator also said that it had taken down its network and was installing a patch as a security measure.Securities and banking regulators issued warnings to businesses and financial institutions to audit their networks before bringing computers online to limit damage from the intrusion. The securities regulator also said that it had taken down its network and was installing a patch as a security measure.
The state-run oil company, PetroChina, confirmed that the attack had disrupted the electronic payment capabilities at many of its gas stations over the weekend. By Sunday, it said 80 percent of its stations were functioning normally. The state-run oil company, PetroChina, confirmed that the attack had disrupted the electronic payment capabilities at many of its gas stations over the weekend. By Sunday, 80 percent of its stations were functioning normally again, it said.
The southern city of Yiyang, with a population of more than four million, said its traffic department had to disconnect from the internet and suspend all operations, while Xi’an, a city of more than eight million in northern China, said the processing of drivers’ tests and traffic violations would be affected because its traffic department had similarly been cut off. The southern city of Yiyang, with a population of more than four million, said its traffic department had to disconnect from the internet and suspend all operations, while Xi’an, a city of more than eight million in central China, said the processing of drivers’ tests and traffic violations would be affected because its traffic department had similarly been cut off.
On Monday morning, 11 technology companies in China, mostly dealing in internet security, suspended trading after their stocks rose as much as 10 percent, the daily limit. The spread of the malware has focused attention on why a software patch issued by Microsoft in March had not been installed by more users. Microsoft has complained for years that a large majority of computers running its software were using pirated versions.
The cyberattack has afflicted 200,000 computers in more than 150 countries. Transmitted via email, the malicious software, or malware, locks users out of their computers, threatening to destroy data if a ransom is not paid. The Australian prime minister, Malcolm Turnbull, said the attacks in his country seemed to be limited mostly to small businesses.
Australia said on Monday that it appeared to have escaped the worst of the assault. No government agencies or critical infrastructure had been affected, Dan Tehan, the minister for cybersecurity, said Monday morning. There were no reported cases in New Zealand.
“At this stage, it does seem like we have missed the major impact of this ransomware incident,” Mr. Tehan said.
The spread of the malware has focused attention on why a software patch issued by Microsoft in March was not installed by more users. Microsoft has complained for years that a large majority of computers running its software are using pirated versions.
Prime Minister Malcolm Turnbull of Australia said that the attacks in the country seemed to be limited mostly to small businesses, but they reinforced the need to update security software.
“We haven’t seen the impact that they’ve seen, for example, in the United Kingdom,” Mr. Turnbull said. “But it is very important that business and enterprises that are in the private or government sector make sure those patches for the Windows systems that were made available by Microsoft in March are installed.”“We haven’t seen the impact that they’ve seen, for example, in the United Kingdom,” Mr. Turnbull said. “But it is very important that business and enterprises that are in the private or government sector make sure those patches for the Windows systems that were made available by Microsoft in March are installed.”
The South Korean government said that just nine cases of ransomware had been found in the country so far and that dozens of samples of the malware were being analyzed. In Japan, about 2,000 terminals in 600 locations, used by individuals as well as by large companies, were most likely affected by the ransomware attack, according to JPCert, an independent group that helps respond to and track computer security breaches.
The South Korean government said that just nine cases of ransomware had been found in the country so far, and that dozens of samples of the malware were being analyzed.
In Europe, the malware did not appear to be spreading appreciably on Monday. “So far, the situation seems stable in Europe, which is a success,” said Jan Op Gen Oorth, a senior spokesman for Europol.
In Britain, where the attack was first detected on Friday, the National Health Service struggled to get hospitals, clinics and doctors’ offices fully operational. The attack had caused some patients to be turned away from emergency rooms, and surgical procedures and medical appointments needed to be rescheduled.
“We have not seen a second wave of attacks, and the level of criminal activity is at the lower end of the range that we had anticipated, and so I think that is encouraging,” the British health minister, Jeremy Hunt, told Sky News on Monday. But he also warned against complacency: “The message is very clear, not just for organizations like the N.H.S. but for private individuals, for businesses.”
The health service has been criticized for using outdated software despite repeated warnings. Mr. Hunt said they were “making sure that our data is properly backed up, and making sure that we are using the software patches.”
The British National Crime Agency, which is taking part in a global investigation into the attack, said that a second wave of attacks could still occur, and it urged computers users to take precautions.
A Renault factory in Douai, France, that employs around 5,500 people did not open on Monday because information security technicians were performing “preventive testing” on the information and robotics system before restarting production on Tuesday. The company said that no data had been lost or damaged, and that no ransom had been paid.
In Germany, the national railway operator, Deutsche Bahn, said that the attack had infected electronic information boards showing arrivals and departures, and video surveillance cameras at some stations. Several of Deutsche Bahn’s 7,000 electronic ticket machines were also affected, but nearly all had been repaired by Sunday, the company said. Rail travel was not affected.
Deutsche Bahn appeared to be the only major company in Germany affected by the hacking attack. Nevertheless, the country’s Federal Criminal Police Office opened an investigation. Last year, the country passed security legislation aimed at helping to prevent such malware attacks, after criminals believed to be Russian hackers managed to breach the German Parliament’s network in 2015.