The ransomware attack that corrupted networks in 150 countries was most likely spawned from a trove of U.S. government cyber weapons that was hacked and leaked online. Here's a look at its impact and responses from regions around the world:
TOKYO—Global cyber chaos is spreading Monday as companies boot up computers at work following the weekend’s worldwide “ransomware” cyberattack, but it appears that so far, Canada has been spared.
Atty Mashatan, a professor at Ryerson University’s School of Information Technology Management, said it was nothing more than a fluke that Canada appears to have been largely unaffected from The May 12 ransomware attack that disrupted services in Russia, the U.K., Ukraine, Spain and India.
Attacks like this one, dubbed “WannaCry” for the “WannaCrypt” technology used to execute it, happen when a type of software seizes control of a computer, encrypting its contents and rendering them inaccessible.
“The vehicle that the malware going from one device to the other is spam. The most common way that they do that is via a link in an email,” Mashatan said. “It looks as if it’s from someone you know, in your contacts. You click on it, and bingo. The actual malware, the file, is downloaded.”
The perpetrators then demand hundreds or thousands of dollars to unlock the victims’ computers—essentially holding the documents, photos and other items on the computer for ransom.
“This one wasn’t really a targeted attack at all,” Mashatan said. “They usually run this campaign and hope to infect as many devices as they can.”
“This time around we were lucky,” she said. “There’s so many people who are emailing one another within the U.K., whereas the traffic between the U.K. and Canada is not as much.”
But if the wrong person had clicked on an infected link, they could have spread the ransomware to Canada.
A hospital in Oshawa, Ont. said Saturday it appeared the ransomware threatened its computer system, but a spokesman for Lakeridge Health said the facility’s system was able to deflect the attack.
“Our antivirus software contained the attack and so while we’ve had to reset some of our systems we weren’t affected in the same way that other places were,” said Lloyd Rang, in an interview Saturday.
Computer users worldwide—and everyone else who depends on them—should assume that the next big “ransomware” attack has already been launched, and just hasn’t manifested itself yet, Ori Eisen, who founded the Trusona cybersecurity firm, told The Associated Press.
The attack appears to be “low-level” stuff, given the amounts of ransom demanded, Eisen said Saturday.
He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.
A representative from Public Safety Canada said the Canadian Cyber Incident Response Centre is aware of the reported attacks, but made no mention on whether any Canadian users were affected.
The Communications Security Establishment, a Canadian intelligence agency, said in a May 13 statement that the federal government’s computer networks do not appear to have been affected by the attack.
The extortion scheme has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear.
As a loose global network of cybersecurity experts have been combating the ransomware hackers.
The initial attack, known as “WannaCry,” paralyzed computers running Britain’s hospital network, Germany’s national railway and scores of other companies and government agencies around the world.
In China, state media said more than 29,000 institutions had been infected along with hundreds of thousands of devices.
The Japan Computer Emergency Response Team Coordination Center, a non-profit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.
Tom Bossert, a homeland security adviser to U.S. President Donald Trump, says the recent global cyberattack is something that “for right now, we’ve got under control” in the United States.
Bossert told ABC’s Good Morning America Microsoft’s security patch released in March should protect U.S. networks for those who install it.
Micrsoft’s top lawyer has criticized U.S. intelligence for “stockpiling” software code that can aid hackers. Cybersecurity experts say the unknown hackers behind the latest attacks used a vulnerability exposed in U.S. government documents leaked online.
Bossert said “criminals” are responsible, not the U.S. government. Bossert says the U.S. hasn’t ruled out involvement by a foreign government, but that the recent ransom demands suggest a criminal network.
Indian authorities were on high alert for news of malfunctioning computers Monday, its Computer Emergency Response Team of India issued it’s highest alarm level and urged computer users to update their systems and use protective software.
But few major problems were reported. The head of the government response team told Press Trust of India news agency that “everything seems to be normal, so far. No reports have come in” detailing cyberattacks in the country.
The Kaspersky Lab, a security solutions firm, had estimated that up to 5 per cent of computers affected globally could be in India. The country is considered vulnerable thanks to a large number of computers running on older Microsoft operating systems.
The U.K.’s health service says most hospitals hit by the global “ransomware” attack are back up and running, but seven are still experiencing IT disruption and cancelling appointments.
About a fifth of NHS trusts—the regional bodies that run U.K. hospitals and clinics—were hit by the attack on May 12, leading to thousands of cancelled appointments and operations.
Health officials say seven of the 47 affected are still having IT problems and have asked for “extra support” from the National Health Service.
Barts Health, which runs five London hospitals, says it is still sending some ambulances to other hospitals and has cancelled some surgeries and outpatient appointments.
Ciaran Martin, chief executive of the U.K.’s National Cyber Security Centre, has warned that more computers could be infected Monday as doctors’ practices re-opened after the weekend.
In France, auto manufacturer Renault said one of its plants, which employs 3,500 people in Douai, northern France, did not reopen May 15 as technicians continued to deal with the aftermath of the global cyberattack.
The company described the temporary halt in production as a “preventative step.” The company gave no details on the degree to which the plant was affected by the malware. Renault said all of its other plants in France were open Monday.
In Japan, Nissan Motor Co. confirmed May 15 some units had been targeted, but there was no major impact on its business.
Hitachi spokeswoman Yuko Tainiuchi said emails were slow or not getting delivered, and files could not be opened. The company believes the problems are related to the ransomware attack, although no ransom is being demanded. They were installing software to fix the problems.
South Korea has been mostly spared from the global cyber chaos that crippled scores of governments and companies in 150 countries.
Director Shin Dae Kyu at the state-run Korea Internet & Security Agency who monitors the private sector said Monday that five companies have reported they were targeted by a global “ransomware” cyberattack. While some companies did not report damages to the government, South Korea was yet to see crippling damages, he said.
The most public damage was on the country’s largest movie chain. CJ CGV Co. was restoring its advertising servers at dozens of its movie theatres after the attack left the company unable to display trailers of upcoming movies. Its movie ticket systems were unaffected.
Another government security official said no government systems were affected.