×

Asia assesses ransomware assault, extent may not be known until Monday

SINGAPORE, May 13 (Reuters) - Some hospitals, schools and universities in Asia were hit by a global cyber attack which infected tens of thousands of computers in Europe and the United States, but officials and researchers said the extent of any damage may not yet be known.

China's official news agency Xinhua said secondary schools and universities were hit, but did not say how many or identify them.

Sun Yat-sen University said it received a large number of virus complaints on Friday, the Chinese financial magazine Caixin reported on Saturday, citing a notice circulated by the university's IT department.

William Saito, cyber security adviser to the Japanese cabinet and trade ministry, said some of the country's institutions were affected but declined to elaborate.

South Korea's Yonhap news agency said one of Seoul's university hospitals had been affected. An official said it wasn't yet clear whether the hospital, which he declined to name, had been hit by the ransomware or some other malware.

Two hospitals in Jakarta were hit, according to Semuel Pangerapan, a director general at Indonesia's Communication and Information Ministry.

He said officials were attempting to localize the infected server to prevent the malware from spreading.

One of Vietnam's leading antivirus software companies said dozens of people had reported infections.

"This number may increase as people return to work next week. A large number of computers will be turned back on and may be targets," said Vu Ngoc Son, vice president of Bkav Anti Malware.

He declined to identify who had been infected. None were customers of the company.

NUMBER OF INFECTIONS FALLING

Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.

Officials in the Philippines and Singapore said there were no reports of breaches of critical infrastructure.

New Zealand and Australia reported no impact on any organizations. India's chief information security officer, Gulshan Rai, said there appeared to be no damage.

Two factors may account for the limited reports of damage in Asia.

The worm began to spread in Europe on Friday, by which time it was already early evening in many Asian countries. The worm spreads most efficiently through organizational networks, not home computers, said Vikram Thakur, principal research manager at Symantec.

That means officials will need to wait until Monday, when business resumes, to gauge the impact on Japan, said Saito.

"In Japan, things could likely emerge on Monday," he said.

Another factor may be that the worm's spread was limited by the actions of a British based researcher, who told Reuters he registered a domain that he noticed the malware was trying to connect to.

By buying the domain, the researcher, who declined to give his name but goes by the Twitter handle zmalwaretechblog, may have curtailed the worm's spread.

"We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain," said Symantec's Thakur.

"The numbers are extremely low and coming down fast; don't expect this to remain a major threat across this weekend apart from those in firefighting mode."

But the attackers may yet tweak the code and restart the cycle. The British-based researcher who foiled the ransomware's spread said he hadn't seen any such tweaks yet, "but they will." (Reporting By Jeremy Wagstaff, Mai Nguyen, Harry Pearl, Engen Tham, Fransiska Nangoy, Kiyoshi Takenaka, Neil Jerome Morales, Masayuki Kitano, Krishna Das and Nidhi Verma; Writing by Jeremy Wagstaff; Editing by Mike Collett-White)