Ransom virus slowing, cyber security awareness promoted

The ransomware virus, dubbed WannaCry, can encrypt all the files on a Windows PC and demands $300 worth of bitcoin, an untraceable digital currency widely used online, to unlock a user's data. [Photo/VCG]

Cyber security emergency response appears to have prevented a fresh round of attack from a ransomware virus that has hit more than 300,000 computers across the world.

The cyber security industry were fearful of a 'black Monday', as many workers switched on their computers after the weekend.

"A large-scale infection has been avoided, thanks to a 72-hour national mobilization and emergency response led by the authorities and supported by the industry," leading domestic cyber security company 360 Business Security Group said.

The ransomware virus, dubbed WannaCry, can encrypt all the files on a Windows PC and demands $300 worth of bitcoin, an untraceable digital currency widely used online, to unlock a user's data.

A Cybercpace Administration of China official said on Monday, that although the virus is still spreading, it has slowed.

"After the virus breakout, the authorities immediately made arrangements for cyber security guards and domestic cyber security companies to proactively provide security services and preventive tools," the official said.

Wu Yunkun, president of 360 Business Security Group, told chinadaily.com.cn to curb the virus's spread, the company had provided eight versions of warning notices, seven repair guides and six repair tools to their government and enterprises customers as of Monday morning.

The ransomware cyber attack, which is believed to be the largest global cyber attack in history, has hit 300,000 victims in at least 150 countries since Friday, making $70,000 worth of bitcoin, White House official Tom Bossert said, China News Service reported.

The report said that in China, more than 29,000 IPs were infected by the virus from Friday to Saturday, most of which were universities, hospitals, transport systems and companies.

The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) had found 2.42 million IPs were suffering the attack and the number of infected IPs reached 35,000 as of 10:30 am on Sunday, Xinhua reported.

Jiangsu, Zhejiang, Guangdong and Jiangxi province were most affected, a report released by 360 Threat Intelligence Center on Saturday said.

"What is new about the WannaCry ransomware virus, which can worm its way into Windows PCs and propagate automatically through systems, is its attack on intranets," Wu said.

"The Transmission Control Protocol port 445 of Windows system, which is widely acknowledged unsafe, is closed on many computers. However, it is usually open on intranets used in many industries and enterprises because they think their intranets can be isolated with the extranet."

Wu said that is why universities, organizations and enterprises were especially vulnerable to the ransomware.

"Code for exploiting that bug, which is known as "Eternal Blue" in Microsoft's Windows operating system, was released on the internet in March and Microsoft released patches last month," Wu noted.

He said domestic cyber security companies like 360 Business Security Group reminded users to install patches via security software in March, but many users ignored the fix.

"The case is a test of the cyber security defending system in China. Although cyber security is considered to be at a national strategy level, domestic institutions and enterprises' overall security awareness is still not strong."

Brad Smith, president and chief legal officer of Microsoft, also said the cyber attack is "a wake-up call for all of us, whether we're in the tech sector, as customers or as government", according to a PBS report.

At present, the so-called "kill switch" for the attack, discovered by a young British cybersecurity researcher, is no longer effective.

As new versions of the virus such as WannaCry 2.0 have already begun emerging, any respite might be brief.