China hit by ‘WannaCry’ ransomware attack

China 24

FILE – In this May 13, 2017 file photo, a screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing. Global cyber chaos is spreading Monday, May 14, as companies boot up computers at work following the weekend’s worldwide “ransomware” cyberattack. The extortion scheme has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as “WannaCry,” paralyzed computers running Britain’s hospital network, Germany’s national railway and scores of other companies and government agencies around the world. (AP Photo/Mark Schiefelbein, File)

Chinese local authorities from traffic police to industry regulators were hobbled on Monday by a massive global ransomware attack, but the spread of the WannaCry worm in the country appeared less aggressive than initially feared.

Dozens of local Chinese authorities said they had suspended some of their services due to the attack that has disrupted operations at car factories, hospitals, shops and schools around the world.

However, officials and security firms said the spread was starting to slow in the country, which has the world’s largest number of Internet users.

“The growth rate of infected institutions on Monday has slowed significantly compared to the previous two days,” said Chinese Internet security company Qihoo 360.

“Previous concerns of a wide-scale infection of domestic institutions did not eventuate.”

Qihoo has previously said the attack had infected close to 30,000 organizations by Saturday evening. Of that, over 4,000 were educational institutions.

An official from Cybersecurity Administration China (CAC) told local media on Monday that while the ransomware was still spreading and had affected industry and government computer systems, the spread was slowing.

China remained a major source of attack from infected computers, at least during the Asian day, said Michael Gazeley, managing director of Network Box, a Hong Kong-based cybersecurity firm.

At about noon (0400 GMT), nearly 47 percent of attacks on Network Box’s clients came from China. This would change, Gazeley said, as Europe and U.S. computers are turned on, but it indicated the scale of the problem there.

Chinese government bodies from transport, social security, industry watchdogs and immigration said they had suspended services ranging from processing applications to traffic crime enforcement.

It’s not clear whether the services were suspended due to attacks or for emergency patching to prevent infection. Even then, adding a patch was no simple task, experts said.

“If a system supports some kind critical processes those systems typically are very hard to patch… We don’t have a precedent from something of this scale (in China),” said Marin Ivezic, a cybersecurity expert at PwC in Hong Kong.

Affected bodies included a social security department in the city of Changsha, the exit-entry bureau in Dalian, a housing fund in Zhuhai and an industry watchdog in Xuzhou.

The ransomware, which has locked up over 200,000 computers in more than 150 countries, has been mainly spread by e-mail, and in China has hit schools and colleges, energy giant PetroChina’s payment systems and local government.

Security experts say most infected computers appear to be systems running out-of-date operating systems, or machines that are hard to patch without affecting crucial operations in areas like healthcare or manufacturing.

Beijing has said previously it is a victim of hacking, although the United States has accused it of cyber attacks on U.S. government computer systems.

China is also set to implement a tougher new cyber security law from June 1, designed to strengthen critical infrastructure, even as many global tech firms and lobbies say that its cyber rules skew the playing field against foreign firms.

Story from the Associated Press.