Tens of thousands of Chinese companies and institutions – including several major firms in Hong Kong – have been crippled by a global cyberattack as people returned to work on Monday.
On mainland China, almost 30,000 organisations were affected, with universities bearing the brunt of the attack by ransomware WannaCry over the weekend, according to Chinese media reports.
More than 4,300 educational institutions were infected by the malware, the reports said, citing data from cybersecurity giant Qihoo 360’s Threat Intelligence Centre. Government services, hospitals, shopping malls and railway stations were also affected.
Over 20,000 petrol stations across the mainland went offline as energy giant China National Petroleum Corporation (CNPC) cut the network connection to all its refill stations from Friday evening.
CNPC said in a statement on Sunday that the cyberattack had caused severe damage to its network.
The “internet blackout” at the stations meant customers could not pay by credit card or online methods such as AliPay. By mid-day on Sunday, some 20 per cent of the company’s petrol stations remained affected, requiring customers to continue to pay in cash.
In Hong Kong, companies had been attacked 48 times on average from seven countries since Friday, according to Network Box Corp, an internationally managed security services provider that protects 1,700 key Hong Kong organisations from cyberattacks.
Network Box said WannaCry’s impact on the city was severe, although the Hong Kong Computer Emergency Response Team (HKCERT) said it had received reports from only three individuals and the government said there were no internal security breaches. HKCERT oversees Hong Kong’s cybersecurity incidents.
The city’s authorities have yet to provide any information on the scale of the cyberattack in Hong Kong.
“We are aware that there are major corporations that have been hit [as they have come to us for help]… Major corporations are seriously impacted and none of the authorities know anything,” Network Box managing director Michael Gazeley said.
Though privacy concerns restricted him from revealing the identities and exact numbers of the major firms hit, Gazeley said logistics firms seemed to be the most affected.
“Our most-protected customer to date is a very well-known trading firm. We’ve protected them from 1,285 attacks, coming in from 43 countries. Now that’s just one client,” he said.
WannaCry spreads through phishing emails that trick victims into opening malicious attachments and links in spam emails. The ransomware then infects unpatched computer systems, encrypting their data and demanding payment to restore access.
Computers still running the Windows XP operating system are most at risk, as Microsoft stopped releasing security patches for the system in April 2014. After the attacks, however, the US tech giant released a new security patch for Windows XP users.
Tang Wei, senior engineer with Chinese cybersecurity company Rising, said a major group of victims came from state-owned companies or public agencies using tailor-made software based on older versions of operating systems.
The computers in the CNPC petrol stations, for instance, used a customised operating system built on Windows XP.
Customised operating systems based on Windows XP are widely used in many of China’s sensitive sectors, including the defence and aerospace industries. Whether the WannaCry ransomware attack had affected these systems remained unknown.
More than 20 per cent of all personal computers in mainland China were still on the Windows XP operating system, according to an estimate last year.
“This event (WannaCry) should serve as a global wake-up call – the means of delivery and the delivered effect are unprecedented,” Rick Barger, cybersecurity firm Splunk’s director of threat research, said.
“Ransomware is arguably the No 1 method of cyberattack in 2017, and this attack demonstrates the paramount need for critical enterprises to have a ransomware playbook in place for when they are attacked. Protecting critical infrastructure from cyberattack is a responsibility that cannot be taken lightly.”
Similar attacks had been detected as early as February, but the latest wave hit more than 100 countries in less than two days.
Network Box’s Gazeley said concerns had also surfaced around the world that the hacker was continuously releasing new versions of the malware.
There had been at least 25 different variants of WannaCry in Hong Kong, with the latest launched at 4am on Monday morning, the company said.
“This ransomware attack is historic in terms of size, impact, and use of technology. But things are only going to get worse. People must wake up, and get properly protected,” Gazeley said.
Rising, a major Chinese cybersecurity company based in Beijing, said no WannaCry 2.0 strains had been detected on its monitoring networks on the mainland so far.
There were variations of the ransomware, but they could all be inactivated by a method known as the “kill switch”, according to a report released by Rising on Sunday evening.
Chinese media reports said many government institutions and companies had gone offline before switching on their computers to conduct a virus scan or apply security patches. This helped contain the spread of the damage on Monday.