HONG KONG — A global cyberattack spread to thousands of additional computers on Monday as workers logged in at the start of a new workweek.
Universities,
hospitals, businesses and daily life were disrupted, but no
catastrophic breakdowns were reported. In Europe, where the cyberattack
first emerged, officials said it appeared that a much-feared second wave — based on copycat variants of the original malicious software — had not yet materialized.
The new disruptions were most apparent in Asia, where many workers had already left on Friday when the attack broke out.
China
alone reported disruptions at nearly 40,000 organizations, including
about 4,000 academic institutions, figures that experts say are most
likely to be low estimates, given the prevalence of pirated software
there.
Continue reading the main story
ADVERTISEMENT
Continue reading the main story
The
list of affected institutions includes two of China’s most prestigious
institutions of higher education, Tsinghua and Peking Universities; a
movie theater chain in South Korea; and blue-chip companies in Japan
like Hitachi and Nissan, which emphasized that their business operations
had not been impaired.
The
cyberattack has afflicted 200,000 computers in more than 150 countries.
Transmitted by email, the malicious software, or malware, locks users
out of their computers, threatening to destroy data if a ransom is not
paid.
The
so-called ransomware continued to ripple through politics and markets
on Monday. Russia’s president, Vladimir V. Putin, blamed the United
States, noting that the malicious software used in the attack had
originally been developed by the National Security Agency. (It was then
stolen and released by an elite hacking group known as the Shadow Brokers.)
On
Monday morning, 11 technology companies in China, mostly dealing in
internet security, suspended trading after their stocks rose 10 percent,
the daily limit. Shares in European cybersecurity firms gained in early
trading on Monday, as investors appeared to target companies that would
benefit from increased attention on keeping data, networks and
computers secure.
The disruptions in China cast a shadow over a major international conference that Beijing is hosting to promote its $1 trillion “One Belt, One Road” initiative, with participation from world leaders like Mr. Putin.
On
Chinese social media, students reported being locked out of final
papers, while other people said that A.T.M.s, some government offices
and the payment systems at gas stations had been affected. Talk of how
to avoid the virus was widespread on the messaging app WeChat over the
weekend.
Securities
and banking regulators issued warnings to businesses and financial
institutions to audit their networks before bringing computers online to
limit damage from the intrusion. The securities regulator also said
that it had taken down its network and was installing a patch as a
security measure.
The
state-run oil company, PetroChina, confirmed that the attack had
disrupted the electronic payment capabilities at many of its gas
stations over the weekend. By Sunday, 80 percent of its stations were
functioning normally again, it said.
The
southern city of Yiyang, with a population of more than four million,
said its traffic department had to disconnect from the internet and
suspend all operations, while Xi’an, a city of more than eight million
in central China, said the processing of drivers’ tests and traffic
violations would be affected because its traffic department had
similarly been cut off.
The
spread of the malware has focused attention on why a software patch
issued by Microsoft in March had not been installed by more users.
Microsoft has complained for years that a large majority of computers
running its software in China were using pirated versions.
The
Australian prime minister, Malcolm Turnbull, said the attacks in his
country seemed to be limited mostly to small businesses.
“We
haven’t seen the impact that they’ve seen, for example, in the United
Kingdom,” Mr. Turnbull said. “But it is very important that business and
enterprises that are in the private or government sector make sure
those patches for the Windows systems that were made available by
Microsoft in March are installed.”
In
Japan, about 2,000 terminals in 600 locations, used by individuals as
well as by large companies, were most likely affected by the ransomware
attack, according to JPCert, an independent group that helps respond to
and track computer security breaches.
The
South Korean government said that just nine cases of ransomware had
been found in the country so far, and that dozens of samples of the
malware were being analyzed.
In
Europe, the malware did not appear to be spreading appreciably on
Monday. “So far, the situation seems stable in Europe, which is a
success,” said Jan Op Gen Oorth, a senior spokesman for Europol.
In
Britain, where the attack was first detected on Friday, the National
Health Service struggled to get hospitals, clinics and doctors’ offices
fully operational. The attack had caused some patients to be turned away
from emergency rooms, and surgical procedures and medical appointments
needed to be rescheduled.
“We
have not seen a second wave of attacks, and the level of criminal
activity is at the lower end of the range that we had anticipated, and
so I think that is encouraging,” the British health minister, Jeremy
Hunt, told Sky News on Monday. But he also warned against complacency:
“The message is very clear, not just for organizations like the N.H.S.
but for private individuals, for businesses.”
The
health service has been criticized for using outdated software despite
repeated warnings. Mr. Hunt said they were “making sure that our data is
properly backed up, and making sure that we are using the software
patches.”
The
British National Crime Agency, which is taking part in a global
investigation into the attack, said that a second wave of attacks could
still occur, and it urged computers users to take precautions.
A
Renault factory in Douai, France, that employs around 5,500 people did
not open on Monday because information security technicians were
performing “preventive testing” on the information and robotics system
before restarting production on Tuesday. The company said that no data
had been lost or damaged, and that no ransom had been paid.
In
Germany, the national railway operator, Deutsche Bahn, said that the
attack had infected electronic information boards showing arrivals and
departures, and video surveillance cameras at some stations. Several of
Deutsche Bahn’s 7,000 electronic ticket machines were also affected, but
nearly all had been repaired by Sunday, the company said. Rail travel
was not affected.
Deutsche
Bahn appeared to be the only major company in Germany affected by the
hacking attack. Nevertheless, the country’s Federal Criminal Police
Office opened an investigation. Last year, the country passed security
legislation aimed at helping to prevent such malware attacks, after
criminals believed to be Russian hackers managed to breach the German
Parliament’s network in 2015.
Correction: May 15, 2017
An earlier version of this article misstated the direction of Chinese internet security stocks in the wake of the ransomware attack. Trading was suspended in these stocks after they rose, not fell.
NYT
An earlier version of this article misstated the direction of Chinese internet security stocks in the wake of the ransomware attack. Trading was suspended in these stocks after they rose, not fell.
NYT
Posts
No comments:
Post a Comment