‘WannaCry’ Cyberattack Holds Chinese Computer Users to Ransom

2017-05-15 13:33:59

A virus known as “WannaCry,” which has targeted computers running on Microsoft operating systems in Europe and the U.S. in the past week, reached the Chinese mainland last Friday.

According to software company Qihoo 360, WannaCry hit tens of thousands of computers in China, with mainland users discovering their machines were no less vulnerable to a cyberattack than those across the globe. The malicious “ransomware” locks users out of their own systems, forcing them to pay a fine in order to regain access.

Among the 29,000 individual computers crippled by the virus over the weekend, nearly 15 percent were from universities, making on-campus users the hardest-hit demographic, said Sun Xiaojun, a product manager at Qihoo 360. Apart from university networks, the virus also spread through businesses and government institutions, he said.

WannaCry is transmitted via email; once downloaded, it encrypts a computer’s files and may soon spread to other machines on the same network. The screen of an infected computer will freeze, then display a message demanding payment in bitcoin, a digital currency. Victims have a short amount of time to pay before the fee is raised. Eventually, all of the user’s files are destroyed.

Chen Xiaoqiang, a senior at Guilin University of Electronic Technology, lost his senior-year project when he logged into the school’s intranet. “A notice just popped up on the screen asking me to pay $300 in bitcoin, and then everything was gone,” said Chen.

The school has scrambled to patch their Microsoft system, but “there is no way they can unencrypt the data now,” said Chen. “The school has delayed [my project’s] final presentation for one month, but I have to rush now.”

Chen chose not to pay the fine, but others felt they had no choice. According to data provided by Qihoo 360, 136 people globally have so far paid to have their files decrypted.

Government institutions and companies in China that neglected to update their Microsoft software have tended to fall victim to the ransomware assault, which uses a hacking tool stolen from the U.S. National Security Agency called “Eternal Blue,” according to Financial Times.

The exit-entry administration office in Xiangshui, a county in eastern China’s Jiangsu province, suspended its services on Saturday after it was hacked by WannaCry. The housing fund department in the southern city of Zhuhai, Guangdong province, also suspended operations for security upgrades.

Oil giant China National Petroleum Corporation was one of the first companies to report being infected by WannaCry. Starting on Friday night, some of the company’s gas stations were crippled by the virus and could not receive bank cards or online payments from customers, according to their official statement. The company scrambled to fix the problem, cutting internet connections to all of its gas stations and enlisting help from cybersecurity experts. By Sunday night, 20 percent of their gas stations were still affected, with customers having to pay in cash.

China’s cybersecurity experts are actively trying to find a solution, but fully containing the infection seems impossible. The Cyberspace Administration of China, the nation’s internet regulator, said the transmission of the virus has slowed, although the U.K.’s National Cyber Security Centre today issued a new warning about the possibility of another attack.

Across the world, WannaCry has already affected critical services and medical records in U.K. hospitals, crippled FedEx’s logistical operations in the U.S., and locked employees of Spain’s telecommunication giant Telefónica out of their work terminals.

Editor: Sarah O’Meara.

(Header image: E+/VCG)