Ransomware hits ‘hundreds of thousands’ of China PCs – firm

SHANGHAI, China (UPDATED) – “Hundreds of thousands” of Chinese computers at nearly 30,000 institutions including government agencies have been hit by the global ransomware attack, a leading Chinese security-software provider has said, though the Asian impact has otherwise been relatively muted.

The enterprise-security division of Qihoo 360, one of China’s leading suppliers of anti-virus software, said 29,372 institutions ranging from government offices to universities, ATMs and hospitals had been “infected” by the outbreak as of late Saturday.

In a statement dated Sunday, Qihoo 360 said the ransomware had spread particularly quickly through higher education, affecting more than 4,000 Chinese universities and research institutions. (READ: Ransomware, the weapon wielded in cyber attacks)

It gave few details on the extent of any damage, however, and China’s government has said little about the situation.

Governments, companies and computer experts around the world braced on Monday for a possible worsening of the global cyberattack that has hit more than 150 countries as people return for another work week, but Asia so far appears to have avoided major damage.

The indiscriminate attack began Friday and struck banks, hospitals and government agencies around the world, exploiting known vulnerabilities in older Microsoft computer operating systems.

Chinese state media on Monday quoted the official Cyberspace Administration of China as saying the attack is still spreading in the country, but had slowed significantly.

It warned computer users to install and upgrade security software as a precaution.

State-owned oil giant PetroChina said in a statement that it had to disconnect the networks linking its petrol stations nationwide for 12 hours on Saturday and accept only cash after the company’s internet payment functions were disabled.

By late Sunday, around 80% of its network was back online, PetroChina said.

‘Unstable’ systems

Japanese media reported that 2,000 computers at 600 companies and organisations in the country had been affected, citing the Japan Computer Emergency Response Team Coordination Center.

A spokesman for Japanese conglomerate Hitachi said on Monday that the company’s computer networks were “unstable”, crippling its email systems.

“We found the problems this morning. We assume that the problems are due to the weekend’s global cyberattacks. We have not received any reports of damage to our production. We don’t know when the problem can be solved,” said the spokesman, who spoke on condition of anonymity.

Authorities across the world have issued public alerts warning computer users to beware of suspicious emails and beef up their computer security measures.

“Please beware and take preventive steps against the malware attack,” said Indonesia’s information minister Rudiantara who, like many Indonesians, goes by one name.

Rudiantara was speaking to reporters following reports that records and billing systems in at least one Indonesian hospital had been crippled.

Chinese state media have reported that police departments in some major cities had suspended some non-emergency services, though it was not clear whether the ransomware threat was to blame in all cases.

Dozens of Chinese universities have issued alerts about the attack and advised students to disable their internet connections before turning on their computers.

The attack sent share prices of Chinese internet security firms soaring. – Rappler.com