On Sunday, union representatives for a Renault auto plant in France received text messages from management: Tell the workers to stay home the next day. The company was dealing with the fallout from a global hack that hit thousands of businesses and the factory would be shut.
Since the hack was first detected on Friday last week, the company’s technicians have been racing to assess the damage. They have cleaned and rebooted systems that control robots on Renault’s factory floors, trying to make sure their systems were back to normal.
As universities, hospitals and businesses around the world continue to take stock of a global hack that has locked up at least 200,000 machines since last week, they are going through much the same process. Many are also trying to determine if they have lost any data or if their systems are safe. Some are trying to figure out whether they should pay the ransom, or whether they have backups that would allow them to avoid giving in.
Illustration: Kevin Sheu
On Saturday morning, technicians inspecting computers at Renault’s Sandouville operation in northern France found a demand in French for a US$300 bitcoin ransom with a threat to erase data.
The automaker decided not to pay.
However, Renault is to face other costs from shutting factories. For example, production is slowed and it would need to pay partial unemployment insurance for the thousands of employees at the Douai site who were not able to work on Monday.
The fallout for companies and institutions is growing by the day. The hack spread to thousands of additional computers on Monday, largely in China, India and Russia, although the pace of the rogue software’s advance appeared to be subsiding, at least temporarily.
The attack is even causing consternation at companies not affected so far, as they shore up their own defenses — and leaving them feeling more relieved than reassured.
“It’s a battle we’re fighting every day,” said William Caraher, chief information officer at Von Briesen & Roper, a midsize law firm in Milwaukee.
“We live in this world where any e-mail attachment could be carrying malicious software that could go viral,” he said.
Gauging the extent of the disruption globally is difficult. Some companies report attacks, but many do not, fearing potential damage to their corporate reputations.
For some, the modest US$300 ransom is an incentive to pay and move on, Gartner analyst Greg Young said.
In Germany, the hackers’ ransom demands popped up over the weekend on the screens of ticket vending machines of Deutsche Bahn, the national railway.
On Monday, Deutsche Bahn technicians were still working to remove the malware, and some vending machine screens were displaying plain text advising travelers to get information elsewhere — on the railway’s Web site or smartphone app.
However, Deutsche Bahn emphasized that the hacking had no effect on its train service or signaling systems, and like many other organizations affected by the hack, the railroad was hoping the worst was over.
In the US, package shipper FedEx said it had “resumed normal operations” and its computer systems were healthy again.
However, in Asia, some of the challenges are just beginning. China alone reported disruptions at nearly 40,000 organizations, including about 4,000 academic institutions, figures that experts have said are most likely to be low estimates, given the prevalence of pirated software there.
The list of affected organizations includes two of China’s most prestigious institutions of higher education, Tsinghua and Peking universities; a movie theater chain in South Korea; and blue-chip companies in Japan such as Hitachi and Nissan, which emphasized that their business operations had not been impaired.
China’s state-run oil company, PetroChina, confirmed that the attack had disrupted the electronic payment capabilities at many of its gas stations over the weekend.
By Sunday, 80 percent of its stations were functioning normally again, it said.
In Britain, where the attack was first detected on Friday last week, the National Health Service struggled to get hospitals, clinics and doctors’ offices fully operational. The attack had caused some patients to be turned away from emergency rooms, and surgical procedures and medical appointments needed to be rescheduled.
In Sandbach, England, John Cosgrove, a 42-year-old general practitioner, said things were recovering, but he still did not have access to complete patient records.
The public seems to be putting off medical care that can be postponed until the service’s computer systems are up and running normally again.
“On Friday [last week], there was a feeling of chaos,” Cosgrove said. “But there are not many people booking to see us. It does feel quite different still.”
Until computer security experts closely examine infected machines, they will not know the mechanism by which the malicious software got into the computers and then spread.
The malware used by the attackers was sophisticated, security experts have said, but the collection mechanism was not, by the current standards of ransomware, said Caleb Barlow, vice president in charge of threat intelligence for International Business Machines (IBM).
Some perpetrators include instructions for how to pay by bitcoin — and even examples of people who paid and regained access to their data, and those who did not.
However, this global ransomware attack did not include such payment-easing features, Barlow said, which might account for the modest level of estimated payments so far.
“That is a bit of a head-scratcher,” he said.
The bitcoin payments as of late Monday afternoon were just less than US$60,000, according to Chainalysis, a bitcoin analytics firm.
The largest transaction was US$3,300, Chainalysis cofounder Jonathan Levin said, suggesting that large corporations and government agencies have not been paying.
The cyberattack underlines the growing problem of ransomware.
IBM’s security research unit collects and monitors about 45 million pieces of spam per day worldwide. In 2015, less than 1 percent of the spam was ransomware. By last year, 40 percent had a document or Web link that activated ransomware, and the current attack threatens to lift that percentage higher.
Disney CEO Bob Iger told employees at a town hall meeting in New York on Monday that hackers had contacted the company to claim access to one of its unreleased movies and had demanded a ransom.
Iger, who did not identify the film, said Disney would not pay and has been working with federal investigators to resolve the matter.
It was not clear if a film had actually fallen into hackers’ hands or if the attack was related to the one over the weekend.
A Disney spokeswoman did not respond to a request for comment.
Additional reporting by Sewell Chan, Prashant Rao, Choe Sang-hun, Jack Ewing, Melissa Eddy, Andrew Kramer, Sophia Kishkovsky, Sui-lee Wee and Jacqueline Williams