Cyberattack Spreads in Asia; Thousands of Groups Affected


HONG KONG — A global cyberattack spread to thousands of additional computers on Monday as workers logged in at the start of a new workweek.

Universities, hospitals, businesses and daily life were disrupted, but no catastrophic breakdowns were reported. In Europe, where the cyberattack first emerged, officials said it appeared that a much-feared second wave — based on copycat variants of the original malicious software — had not yet materialized.

The new disruptions were most apparent in Asia, where many workers had already left on Friday when the attack broke out.

China alone reported disruptions at nearly 40,000 organizations, including about 4,000 academic institutions, figures that experts say are most likely to be low estimates, given the prevalence of pirated software there.

The list of affected institutions includes two of China’s most prestigious institutions of higher education, Tsinghua and Peking Universities; a movie theater chain in South Korea; and blue-chip companies in Japan like Hitachi and Nissan, which emphasized that their business operations had not been impaired.

The cyberattack has afflicted 200,000 computers in more than 150 countries. Transmitted by email, the malicious software, or malware, locks users out of their computers, threatening to destroy data if a ransom is not paid.

The so-called ransomware continued to ripple through politics and markets on Monday. Russia’s president, Vladimir V. Putin, blamed the United States, noting that the malicious software used in the attack had originally been developed by the National Security Agency. (It was then stolen and released by an elite hacking group known as the Shadow Brokers.)

On Monday morning, 11 technology companies in China, mostly dealing in internet security, suspended trading after their stocks rose 10 percent, the daily limit. Shares in European cybersecurity firms gained in early trading on Monday, as investors appeared to target companies that would benefit from increased attention on keeping data, networks and computers secure.

The disruptions in China cast a shadow over a major international conference that Beijing is hosting to promote its $1 trillion “One Belt, One Road” initiative, with participation from world leaders like Mr. Putin.

On Chinese social media, students reported being locked out of final papers, while other people said that A.T.M.s, some government offices and the payment systems at gas stations had been affected. Talk of how to avoid the virus was widespread on the messaging app WeChat over the weekend.

Securities and banking regulators issued warnings to businesses and financial institutions to audit their networks before bringing computers online to limit damage from the intrusion. The securities regulator also said that it had taken down its network and was installing a patch as a security measure.

The state-run oil company, PetroChina, confirmed that the attack had disrupted the electronic payment capabilities at many of its gas stations over the weekend. By Sunday, 80 percent of its stations were functioning normally again, it said.

The southern city of Yiyang, with a population of more than four million, said its traffic department had to disconnect from the internet and suspend all operations, while Xi’an, a city of more than eight million in central China, said the processing of drivers’ tests and traffic violations would be affected because its traffic department had similarly been cut off.

The spread of the malware has focused attention on why a software patch issued by Microsoft in March had not been installed by more users. Microsoft has complained for years that a large majority of computers running its software in China were using pirated versions.

The Australian prime minister, Malcolm Turnbull, said the attacks in his country seemed to be limited mostly to small businesses.

The New York Times


Please enter your comment!
Please enter your name here