A CYBER attack that took down multiple institutions, including schools in China and hospitals in Indonesia, has experts worried about a new wave of strikes after the attack appeared to die down on Saturday.
The attack, which has been described as “unprecedented”, was a result of ransomware that spread throughout the world on Friday. The United Kingdom’s National Health Service (NHS) suffered the worst of the attack, causing operations to be cancelled, ambulances to be diverted, and patient records being made unavailable in the country.
The full extent of the damage caused in Asia is not quite known yet due to it being the weekend, but a cyber security adviser to the Japanese government, William Saito, told Reuters that he believes many companies “have not yet noticed” and Monday could bring on fresh hell.
— Hamza Belattar (@HamzaBelattar1) May 13, 2017
China’s information security watchdog said “a portion” of Windows systems users in the country were infected, according to a notice posted on the official Weibo page of the Beijing branch of the Public Security Bureau on Saturday. Xinhua state news agency said some secondary schools and universities were hit.
In Vietnam, Vu Ngoc Son, a director of Bkav Anti Malware, said dozens of cases of infection had been reported there, but he declined to identify any of the victims.
South Korea’s Yonhap news agency reported a university hospital had been affected, while a communications official in Indonesia said two hospitals there had been hit.
Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that seemed to contain invoices, job offers, security warnings and other legitimate files.
Once inside the targeted network, so-called ransomware made use of recently revealed spy tools to silently infect other out-of-date machines without any human intervention. This, security experts said, marked an unprecedented escalation in the risk of fresh attacks spreading in the coming days and weeks.
Nissan’s manufacturing plant in Sunderland, northeast England, was also affected by the cyber assault though “there has been no major impact on our business”, a spokesman for the Japanese carmaker said.
Europol’s European Cybercrime Centre said in a statement: “The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits.”
By exploiting a piece of NSA spy code known as “Eternal Blue”, hackers were able to take advantage of the self-spreading malware.
The attack was brought to a sudden halt when a UK cybersecurity researcher and an employee from security firm Proofpoint found and activated a “kill switch” in the software, reported the Guardian. The researcher, who requested to remain anonymous, said he did not set out to stop the attack, but instead stumbled onto the domain name that would kill it and unknowingly registered the domain.
Additional reporting by Reuters