By Ianni Tan, Xinhua News Agency
New computer virus is spreading rapidly with no known way to reverse the damage.
The WannaCry ransomware attack first began on Friday, 12 May 2017, infecting many countries including part of Britain’s National Health Service (NHS), resulting in them having to turn patients away, and Spain’s Telefonica.
12/5/17 (Friday morning)
The first infection starts in Europe. Soon after, Spanish mobile operator Telefonica is one of the first large organisations to be hit by the virus. Afterwards, the virus spread to organisations in several other countries as well – the UK’s NHS, France’s Renault, Germany’s Deutsche Bahn, Russia’s Megafon and the US’ FedEx.
12/5/17 (Friday afternoon)
A 22-year-old British researcher, who goes by the handle MalwareTech, accidentally activates a “kill switch” for the attack, putting out the proverbial forest fire caused by the virus. The researcher noticed that the virus was encrypting files in order to access a remote web address, and purchased the web address, resulting in the termination of the virus. He ended up directing connections to a harmless “sinkhole” server, rendering the ransomware inactive.
On the same day, Microsoft releases a critical security update to affected users.
What is it?
The WannaCry virus targeted computers running the Microsoft Windows operating system – it takes advantage of a flaw in the system and then proceeds to encrypt the files that are on the computer. Afterwards, it displays a “ransom note” asking the user to pay in order to have files decrypted.
The effects of the WannaCry virus were exacerbated by the high price that Microsoft charges for users to update their computers from older Windows versions. While the patch did offer a solution to the virus, the cost was approximately 2750 yuan, which deterred most users from upgrading their operating systems – the NHS, for instance, failed to update their software and thus became one of the first few organisations to be attacked by the virus.
Furthermore, while Microsoft did detect the security flaw in mid-March, it only sent the free security patch to users of the most recent version of the Windows 10 operating system, said the report. By the time Microsoft distributed the free software update, it was far too late to effectively contain the outbreak.
The virus originated from the Shadow Brokers, who supposedly discovered the flaw from NASA.
While the rest of the world assumed that the virus had been successfully controlled, Beijing authorities noticed that there was now a new, mutated version of the virus. The virus had over-ridden the previously-deactivated kill switch, and could no longer be prevented from spreading. The virus spread to 3,600 computers per hour.
China’s Banking Regulatory Committee has pledged to increase its cyber security management and risk prevention capabilities, and will guide banks to conduct monitoring, assessment and prevention for similar events in the future.
Is China affected?
As of 14 May, more than 300,000 computers – half the infected IPs worldwide – in China have been affected by the virus, including universities, immigration checkpoints and oil stations.