By Gerry Mullany and Paul Mozur
An internet cafe in China. State news outlets said on Monday that about 40,000
institutions had been struck. Credit: Associated Press
HONG KONG — A global cyberattack spread to thousands of additional computers on
Monday as workers logged in at the start of a new workweek.
Universities, hospitals, businesses and daily
life were disrupted, but no catastrophic breakdowns were reported. In Europe,
where the cyberattack first emerged, officials said it appeared that a
much-feared second wave — based on copycat variants of the original malicious
software — had not yet materialized.
The new disruptions were most apparent in
Asia, where many workers had already left on Friday when the attack broke out.
China alone reported disruptions at nearly
40,000 organizations, including about 4,000 academic institutions, figures that
experts say are most likely to be low estimates, given the prevalence of
pirated software there.
The list of affected institutions includes
two of China’s most prestigious institutions of higher education, Tsinghua and
Peking Universities; a movie theater chain in South Korea; and blue-chip
companies in Japan like Hitachi and Nissan, which emphasized that their
business operations had not been impaired.
The cyberattack has afflicted 200,000
computers in more than 150 countries. Transmitted by email, the malicious
software, or malware, locks users out of their computers, threatening to
destroy data if a ransom is not paid.
The so-called ransomware continued to ripple
through politics and markets on Monday. Russia’s president, Vladimir V. Putin,
blamed the United States, noting that the malicious software used in the attack
had originally been developed by the National Security Agency. (It was then
stolen and released by an elite hacking group known as the Shadow Brokers.)
On Monday morning, 11 technology companies in
China, mostly dealing in internet security, suspended trading after their stocks
rose 10 percent, the daily limit. Shares in European cybersecurity firms gained
in early trading on Monday, as investors appeared to target companies that
would benefit from increased attention on keeping data, networks and computers
secure.
The disruptions in China cast a shadow over a
major international conference that Beijing is hosting to promote its $1
trillion “One Belt, One Road” initiative, with participation from world leaders
like Mr. Putin.
On Chinese social media, students reported
being locked out of final papers, while other people said that A.T.M.s, some
government offices and the payment systems at gas stations had been affected.
Talk of how to avoid the virus was widespread on the messaging app WeChat over
the weekend.
Securities and banking regulators issued
warnings to businesses and financial institutions to audit their networks
before bringing computers online to limit damage from the intrusion. The
securities regulator also said that it had taken down its network and was
installing a patch as a security measure.
The state-run oil company, PetroChina,
confirmed that the attack had disrupted the electronic payment capabilities at
many of its gas stations over the weekend. By Sunday, 80 percent of its
stations were functioning normally again, it said.
The southern city of Yiyang, with a
population of more than four million, said its traffic department had to
disconnect from the internet and suspend all operations, while Xi’an, a city of
more than eight million in central China, said the processing of drivers’ tests
and traffic violations would be affected because its traffic department had
similarly been cut off.
The spread of the malware has focused
attention on why a software patch issued by Microsoft in March had not been
installed by more users. Microsoft has complained for years that a large
majority of computers running its software in China were using pirated
versions.
The Australian prime minister, Malcolm
Turnbull, said the attacks in his country seemed to be limited mostly to small
businesses.
“We haven’t seen the impact that they’ve
seen, for example, in the United Kingdom,” Mr. Turnbull said. “But it is very
important that business and enterprises that are in the private or government
sector make sure those patches for the Windows systems that were made available
by Microsoft in March are installed.”
In Japan, about 2,000 terminals in 600
locations, used by individuals as well as by large companies, were most likely
affected by the ransomware attack, according to JPCert, an independent group
that helps respond to and track computer security breaches.
The South Korean government said that just
nine cases of ransomware had been found in the country so far, and that dozens
of samples of the malware were being analyzed.
In Europe, the malware did not appear to be
spreading appreciably on Monday. “So far, the situation seems stable in Europe,
which is a success,” said Jan Op Gen Oorth, a senior spokesman for Europol.
In Britain, where the attack was first
detected on Friday, the National Health Service struggled to get hospitals,
clinics and doctors’ offices fully operational. The attack had caused some
patients to be turned away from emergency rooms, and surgical procedures and
medical appointments needed to be rescheduled.
“We have not seen a second wave of attacks,
and the level of criminal activity is at the lower end of the range that we had
anticipated, and so I think that is encouraging,” the British health minister,
Jeremy Hunt, told Sky News on Monday. But he also warned against complacency:
“The message is very clear, not just for organizations like the N.H.S. but for
private individuals, for businesses.”
The health service has been criticized for
using outdated software despite repeated warnings. Mr. Hunt said they were
“making sure that our data is properly backed up, and making sure that we are
using the software patches.”
The British National Crime Agency, which is
taking part in a global investigation into the attack, said that a second wave
of attacks could still occur, and it urged computer users to take precautions.
A Renault factory in Douai, France, that
employs around 5,500 people did not open on Monday because information security
technicians were performing “preventive testing” on the information and
robotics system before restarting production on Tuesday. The company said that
no data had been lost or damaged, and that no ransom had been paid.
In Germany, the national railway operator,
Deutsche Bahn, said that the attack had infected electronic information boards
showing arrivals and departures, and video surveillance cameras at some
stations. Several of Deutsche Bahn’s 7,000 electronic ticket machines were also
affected, but nearly all had been repaired by Sunday, the company said. Rail
travel was not affected.
Deutsche Bahn appeared to be the only major
company in Germany affected by the hacking attack. Nevertheless, the country’s
Federal Criminal Police Office opened an investigation. Last year, the country
passed security legislation aimed at helping to prevent such malware attacks,
after criminals believed to be Russian hackers managed to breach the German
Parliament’s network in 2015.
An earlier version of this article misstated
the direction of Chinese internet security stocks in the wake of the ransomware
attack. Trading was suspended in these stocks after they rose, not fell.
Reporting was contributed by Liz Alderman
from Paris; Sewell Chan from London; Choe Sang-Hun from Seoul, South Korea;
Melissa Eddy from Berlin; Sophia Kishkovsky from Moscow; Sui-Lee Wee from
Beijing; and Jacqueline Williams from Sydney, Australia. Owen Guo and Xu Qi
contributed research from Beijing.