Malware problems were reported at several universities in Asia, including at Shandong University, a top school in northeast China. The university issued an online notice urging faculty and students to update their software as quickly as possible against the malware to prevent it from encrypting files and demanding a ransom payment.
“There is often no other way to decrypt the file, except to pay a high ransom to decrypt and recover the documents, learning materials and personal data,” the notice said.
The university advised faculty members and students to install authentic Microsoft software and to contact a school office for help in doing so.
The attacks began with a simple phishing email, similar to the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year. They then quickly spread through victims’ systems using a hacking method that the N.S.A. is believed to have developed as part of its arsenal of cyberweapons. Finally, the attacks encrypt the computer systems of the victims, locking them out of critical data, including patient records in Britain.
“Something like this was always inevitable,” said Brian Lord, a former deputy director for intelligence and cyber operations at Government Communications Headquarters, Britain’s equivalent to the N.S.A.
“It was well thought-out, well timed and well coordinated,” he added. “But, fundamentally, there is nothing unusual about its delivery. It is still fundamentally robbery and extortion.”
While American companies like FedEx said they had been hit by the attack, experts said that people in the United States had so far been less affected than others worldwide after a British cybersecurity researcher accidentally stopped the current ransomware attack from spreading more widely.
The attackers, who have yet to be identified, had included a so-called kill switch in their attack, which stops the malware from spreading if the virus makes an online request to a specific website. If the site is online, then the immediate attack stops spreading, experts said.
Yet, when the 22-year-old British researcher, who confirmed his involvement but insisted on anonymity because he did not want the public scrutiny, saw that the kill switch’s domain name — a long and complicated set of letters — had yet to be registered, he bought it himself, accidentally shutting down the hacking attack before it could fully spread to the United States.
“The kill switch is why the U.S. hasn’t been touched so far,” said Matthieu Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates. “But it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name. I would expect them to do that.”
The severity of the attacks in developing countries like Russia, China and India also highlighted the problem of illegally copied software, which tends to be more vulnerable to malware like the one that spread globally on Friday and Saturday.
Yet even users of authentic software who had not installed a recent security update would have been vulnerable, underscoring the susceptibility of networks around the world to hackers and opportunists.
Illegal copying of software has long been rampant in China. Microsoft and other Western companies have complained for years that the large majority of computers running their software were using pirated versions. After this attack, Microsoft issued a new patch for all versions of Windows.
The spread of hacking attacks in recent years has made original versions of software more popular, as they typically provide automatic updates of security upgrades. But Edward Snowden’s release of extensive information about hacking by the United States government — much of which was aimed at monitoring China’s rapid military buildup — has alarmed the Chinese leadership.
It also accelerated a broad push to develop Chinese-brand software and hardware that is difficult for Western intelligence agencies to penetrate but still allows comprehensive monitoring of the population by Chinese security agencies.
With a large number of computers running old versions of Windows and a tendency to avoid paying for security software, China has become one of the world’s hotbeds of malware and hackers for hire. News of the virus was trending on Weibo, the country’s Twitter-like service, though reports of the impact were largely isolated to universities. China may have been spared a worse outbreak partly because the virus spread via email; many in China prefer to use messaging services instead.
A study last year by the Software Alliance, a trade association of vendors, found that a third of the software running on computers worldwide in 2015 was not properly licensed and had apparently been pirated. That represented a sharp drop from the alliance’s previous study, which found that 43 percent of the software running worldwide was not licensed.
But in China, the share of all unlicensed software was a steep 70 percent in 2015, down from 74 percent in 2013, the Software Alliance found. Few countries come close to China in this regard, but Russia’s share was 64 percent in 2015, and India’s was 58 percent.
Security firms said the attacks had spread to more than 74 countries. Russia was the worst hit, followed by Ukraine, India and Taiwan, said Kaspersky Lab, a Russian cybersecurity firm.