A major wave of cyberattacks hits dozens of countries around the world on May 12, 2017, affecting hospitals, telecoms companies, government departments and other organisations. (Damien Meyer / AFP)
SINGAPORE/WASHINGTON - Asian governments and businesses reported some disruptions from the WannaCry ransomware worm on Monday but cyber security experts warned of a wider impact as more employees turned on their computers and checked e-mails.
In China, the world's second-largest economy, payment systems and government services reported some outages from the ransomware attack, but far less than feared. Disruptions were low in the rest of Asia, including Japan, India, South Korea and Australia.
The WannaCry worm, which erupted on Friday, locked up hundreds of thousands of computers in more than 150 countries, hitting factories, hospitals, shops and schools worldwide.
While the effect on Asian entities on Monday was less severe than anticipated, industry professionals flagged potential risks in the future. Companies that were hit by the worm, which is spread mostly by email, may be wary of making it public, they added.
"We're looking at (the) victims' profiles, we're still seeing a lot of victims in the Asia-Pacific region. But it is a global campaign, it's not targeted," said Tim Wellsmore, Director of Threat Intelligence, Asia Pacific at cyber security firm FireEye Inc.
"But I don’t think we can say it hasn’t impacted this region to the extent it has some other regions."
Michael Gazeley, managing director of Network Box, a Hong Kong-based cyber security firm, said there were still "many 'landmines' waiting in people's in-boxes" in the region, withmost of the attacks having arrived via e-mail.
However, financial markets in Asia were unfazed by news ofthe cyber attack, with stocks mostly up across the region during the day.
In China, energy giant Petro China said payment systems at some of its petrol stations were hit, although it had been able to restore most of the systems. Several Chinese government bodies, including police and traffic authorities,reported they had been impacted by the hack, according to postson official micro blogs.
Chinese tech firm Qihoo 360 said the rate of infection on Monday had slowed significantly from the past two days.
"Previous concerns of a wide-scale infection of domestic institutions did not eventuate," the firm said.
Japan's National Police Agency reported two breaches of computers in the country on Sunday - one at a hospital and the other case involving a private person - but no loss of funds.
Industrial conglomerate Hitachi Ltd. said the attack had affected its systems at some point over the weekend,leaving them unable to receive and send e-mails or open attachments in some cases. The problem is still ongoing, the company said.
In India, the government said it had only received a few reports of attacks on systems and urged those hit not to pay attackers any ransom. No major Indian corporations reported disruptions to operations.
A spokesman for the Hong Kong Exchanges and Clearing, one of the region's biggest bourses, said all systems were so farworking normally. "We remain highly vigilant," he said.
A cyber security researcher in Asia who declined to be named said that while most banks globally had escaped damage, not all had installed patches in time.
The result was that some phishing e-mails slipped through and were activated by users, but were caught by other security systems in place.
At Indonesia’s biggest cancer hospital, Dharmais Hospital inJakarta, around 100-200 people packed waiting rooms after the institution was hit by cyber attacks affecting scores of computers. By late morning, some people were still filling outforms manually, but the hospital said 70 percent of systems were back online now.
Elsewhere in the region, companies warned users and staff not to click on attachments or links. One school in South Korea barred its pupils from using the internet. Taiwan's government appeared to have escaped major infection, possibly because regulations there require all departments to install software updates as soon as they are available.
South Korea's presidential Blue House office said nine cases of ransomware were found in the country, but did not provide details on where the cyber attacks were discovered.
In Australia, Dan Tehan, the government minister responsible for cyber security, said just three businesses had been hit by the bug, despite worries of widespread infection. There were noreported cases in New Zealand.
Cyber security experts said the spread of the ransomware had slowed since its appearance on Friday but that the respite mightonly be brief.
For one thing, the attackers or copycat attackers may have developed new versions of the worm, although a British-based security researcher who thwarted an earlier version of the worm told Reuters most of these reports had been proven false.
In Hong Kong, Gazeley said his team had found a new versionof the worm that didn't use e-mail to lure victims.
Instead, it loaded scripts onto hacked websites where users who clicked on a malicious link would be infected directly. Hesaid it was too early to tell how many websites had been affected.
In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged ahacking tool built by the US National Security Agency that leaked online in April.
The non-profit US Cyber Consequences Unit research institute estimated that total losses would range in the hundreds of millions of dollars, but not exceed US$1 billion.
Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks.