The WannaCry “ransomware” cyber-attack hobbled all the local authorities, from traffic police to industry regulators, as it rolled out in Asia on Monday. The spread of the WannaCry worm appeared to be less aggressive than in Europe.
As the attack disrupted many operations at car factories, hospitals, shops, and schools, Chinese authorities responsible for transport, social security, industry oversight, and immigration decided to delay some of their services, ranging from applications to traffic crime enforcement. According to officials and security firms, even though China has the world’s largest number of internet users, the spread of the worm was starting to slow in the country.
The Chinese Internet security company Qihoo 360 said, “The growth rate of infected institutions on Monday has slowed significantly compared to the previous two days.” According to Qihoo, 30,000 organizations were infected by the attack on Saturday, including over 4,000 educational institutions.
An official from the Cybersecurity Administration China (CAC) told local media on Monday that while the ransomware was still spreading and had affected industry and government computer systems, the spread was slowing.
China remained a major source of attacks from infected computers, at least during the Asian day, said Michael Gazeley, Managing Director of Network Box, a Hong Kong-based cybersecurity firm. At about noon (0400 GMT), nearly 47% of attacks on Network Box’s clients came from China.
It remains unclear whether the services were delayed because of attacks or for emergency patching to prevent infection. Even then, applying a patch was no simple task, experts said.
Marin Ivezic, a cyber security expert at PwC in Hong Kong, said, “If a system supports some kind of critical processes those systems typically are very hard to patch… We don’t have a precedent from something of this scale (in China).”
The attack affected different organizations, namely the social security department in the city of Changsha, the exit-entry bureau in Dalian, a housing fund in Zhuhai, and an industry watchdog in Xuzhou.
Energy giant PetroChina said payment systems at some of its petrol stations were hit, although it had been able to restore most of the systems.
The attack has affected more than 150 countries, locking up over 200,000 computers. It is believed that the worm has mainly spread by email, and in China, the ransomware affected educational institutions, energy giant PetroChina’s payment systems, and local government.
Infected computers appear to be largely out-of-date devices (older versions) that organizations deemed not worth the price of upgrading. Some have also been machines involved in manufacturing or hospital functions, which are difficult to patch without disrupting operations.
In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: the attack made use of a hacking tool built by the US National Security Agency that had leaked online in April.