According to Chinese IT security firm Qihoo 360, over 29,000 business and government organizations in China have been infected by the WCry distribution worm since the outbreak began on Friday, with the number of individual affected computers in the hundreds of thousands.
This figure was reported Saturday evening local time and likely would not include infections by copycat malware that began appearing over the weekend. The ransomware outbreak began late into the night, Beijing time, on Friday, long after many employees had left work.
It says universities and educational institutions were among the hardest hit, numbering 4,341, or about 15 percent of internet protocol addresses attacked. Also affected were railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services.
Xinhua says the system used by PetroChina’s gas stations was attacked, meaning customers could not use their cards to pay. Most stations had recovered.
The worm, which used an unpatched backdoor to upload the WCry ransomware, has wreaked havoc across Asia. Japan reports over 2,000 individual infections across 600 companies. Two hospitals in Indonesia were slowed to a crawl as computer outages forced employees to switch to paper documents for all tasks. Meanwhile, Russian president Vladimir Putin denied his country had anything to do with the attacks, instead accusing the US of being responsible by leaving a dangerous exploit where hackers could find and distribute it, a claim bolstered by a statement posted over the weekend by Microsoft’s President & Chief Legal Officer, Brad Smith:
Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.