Cyber sleuths: Ransom virus under control
By Cui Jia | China Daily | Updated: 2017-05-18 07:30
WannaCry, a strain of Windows ransomware that posed severe security threats to China's universities and energy corporations, is under control as the number of computers under attack dropped significantly, China's top cybersecurity emergency response center said.
The number of computers in China under attack from the ransomware had dropped Monday to Tuesday to 213,000 per hour on average from more than twice that - 520,000 per hour - from Saturday to Sunday, according to data released by the National Computer Network Emergency Response Technical Team/Coordination Center of China on Wednesday.
"The drop is mainly because users of Windows operating systems have begun to install patches developed by Microsoft after the global attack over the weekend," said Zhang Shuai, an engineer from the center. "But the risk remains high."
Gas stations run by China National Petroleum Corp in several cities could not carry out card and mobile payment transactions on Saturday because the computers were affected by the ransomware, the company said. Schools in China also were hit hard over the weekend.
Via a security loophole in Windows, the virus blocks users from accessing their own files. It encrypts the data and system files on the computer, which the user can then access only by paying $300 via the anonymous online bitcoin currency within seven days.
Zhang said Microsoft released patches to prevent such attacks in March and April. "Computers under attack are those that haven't updated their systems on time."
Tests by researchers show that an unpatched computer that was connected to the internet could be infected in a matter of minutes. WannaCry targets files that are important to the users, such as Word documents, pictures and videos, Zhang said.
"It is almost impossible to fully recover the files once they are locked by WannaCry," Zhang said.
WannaCry also can easily penetrate to computers linked to corporations via an intranet because it spreads through e-mail as well as by computers connected via a network. Many computers that connect by an intranet need to be updated manually instead of automatically, which is why many businesses and universities were affected, he added.
More than 52,000 IP addresses around the world launched WannaCry attacks by 7 am Tuesday and 26,000 were from the Chinese mainland, the center said.
An architecture professor at a university in Beijing said his computer was attacked by WannaCry on Sunday.
"I thought it was a practical joke from my students at the beginning, until I heard the news," said the professor, who declined to be named. "Many of my blueprints have been locked. I'm planning to pay the ransom to save years of my hard work."
It still was not clear who will receive the ransom in the end. Zhang, from the emergency response center, said it would take international efforts to track down the perpetrators.
Cao Yin contributed to the story