Ransomware cyber-attack: Who has been hardest hit?

  • Published
Map of areas hit by the cyber attack

The WannaCry ransomware cyber-attack has hit more than 200,000 computers in 150 countries since Friday, Europol says.

Governments, hospitals and major companies have all found themselves battling the malware, which demands money in return for unfreezing computers.

Russia 'hardest hit'

The virus tried to infect more computers in Russia than anywhere else, according to an analysis by Kaspersky Lab, a Russian antivirus company.

The interior ministry, railways, banks and the Megafon mobile phone operator - Russia's second-largest - all found themselves battling demands for ransom.

An interior ministry spokeswoman said about 1,000 computers using Microsoft Windows were attacked but these had been isolated from networks.

However, the ministry's vital servers were unaffected because they were running domestic Russian software, the spokeswoman said, including an operating system called Elbrus that was first developed during the late years of the Soviet Union, the New York Times reported, external.

German railways

Image source, AFP/Getty
Image caption,

The demand for Bitcoin appeared on departure screens at a Frankfurt station

Electronic boards at stations announcing arrivals and departures were affected, but train services were not disrupted, Deutsche Bahn said.

China universities

Many students reported seeing demands for ransoms pop up on their laptops as networks at universities across the country reported severe disruption.

Underfunded universities often use outdated or even pirated computer software, leaving students vulnerable to such attacks, according to BBC Asia-Pacific analyst Celia Hatton.

They are now being forced to pay $300 (£230) to continue working on end-of-year projects due to be handed in soon, our correspondent says.

Meanwhile, petrol stations in the western city of Chongqing were unable to accept card payments after systems at China National Petroleum Corp became infected, the South China Morning Post reported, external.

Overall, hundreds of thousands of computers at nearly 30,000 institutions and organisations were affected, including government agencies and hospitals, internet firm 360 Security said.

South Korea cinema

The country's biggest cinema chain CJ CGV said some of its advertisement servers connected to 50 cinemas had been affected, Yonhap news agency said, external.

Image source, EPA
Image caption,

Officials at the Korea Internet and Security Agency have been monitoring the threat

A company official said films were still being screened as scheduled and the company was investigating.

Overall, nine cases of ransomware had been found, the South Korean government said.

Japan companies

The Japan Computer Emergency Response Team Co-ordination Centre said 2,000 computers at 600 companies in Japan had been affected.

Hitachi said it was experiencing email delays and file delivery failures and suspected the cyber-attack was to blame, although no ransom was being demanded.

Indonesia hospital

The communication and information ministry said the malware locked patient files on computers at two hospitals in the capital Jakarta.

Patients at the Dharmais Cancer Hospital could not get queue numbers and waited several hours while staff found paper records, local media reported.

India state police

Police computer systems in the state of Andhra Pradesh have been hit, local media reports say. About 18 systems were hijacked an eventually disabled, the Business Standard reported, external.

Several companies in the cities of Mumbai, Hyderabad, Bengaluru and Chennai were also affected.

However India has said that its vital computer systems largely escaped unscathed because the state organisation that manages almost all government websites installed patches to immunise its Windows systems.

The Economic Times newspaper had said, external India could be particularly vulnerable to the malware because a large number of organisations and individuals use old outdated versions of Windows and there are also high numbers of people using pirated software.

UK hospitals

Some of the biggest disruption was caused by attacks on the UK health system, which saw hospitals and clinics forced to turn away patients after losing access to computers.

Pictures on social media showed NHS computer screens with messages saying: "Ooops, your files have been encrypted!"

In England, 48 National Health Service (NHS) trusts reported problems at hospitals, doctor surgeries or pharmacies, and 13 NHS organisations in Scotland were also affected.

A Nissan car factory in the north-eastern city of Sunderland was also affected, a spokeswoman said.

Spanish telecoms

The Spanish telephone operator Telefonica said it had been attacked. Telefonica's head of cyber-security Chema Alonso - himself a former hacker - said the infected equipment was "under control and being reinstalled".

Other Spanish firms to be hit included power firm Iberdrola and utility provider Gas Natural. Staff were reportedly told to turn off their computers.

France Renault

The car manufacturer had to halt production at many sites, including in France, Slovenia and Romania, as part of measures to stop the spread of the virus.

On Monday the firm said that 90% of its factories were running again. It said its plant at Douai in northern France would be back to normal on Tuesday, following checks. Renault would be able to catch up with any lost production so customers would not be affected, it added.

Ireland hospitals

Three hospitals in Ireland have been affected but the government says it will not name them and patient care is "broadly unaffected".

Fedex

The logistics firm said it was "implementing remediation steps as quickly as possible", without specifying how badly it had been affected.

Australia SMEs

Australian officials said so far only three small-to-medium sized businesses had reported being locked out of their systems.

In New Zealand, the ministry of business said a small number of unconfirmed incidents were being investigated.