The Latest: 29,000 Chinese institutions hit by cyberattack
The latest on the global extortion cyberattack that hit dozens of countries on Friday (all times local):
4:50 a.m.
Chinese state media say more than 29,000 institutions across China have been infected by the global "ransomware" cyberattack.
Xinhua News Agency reports that by Saturday evening, 29,372 institutions had been infected along with hundreds of thousands of devices. It cited the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company.
It says universities and educational institutions were among the hardest hit, numbering 4,341, or about 15 percent of internet protocol addresses attacked. Also affected were railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services.
Xinhua says the system used by PetroChina's gas stations was attacked, meaning customers could not use their cards to pay. Most stations had recovered.
___
4:45 a.m.
Japanese companies say they are working to overcome the problems caused by a global "ransomware" cyberattack.
Nissan Motor Co. confirmed Monday some units had been targeted, but it had responded and there has been no major impact on its business.
Hitachi spokeswoman Yuko Tainiuchi said it was experiencing email delays and file delivery failures and suspected the cyberattack was at fault, even though no ransom was being demanded. Programs were being installed to fix the problem.
Broadcaster NTV reported 600 companies and 2,000 computers in Japan had been affected. Overall the attack has created chaos in 150 countries
The initial attack, known as "WannaCry," paralyzed computers that run Britain's hospital network, Germany's national railway and other companies and government agencies worldwide in what's believed to be the biggest online extortion scheme ever.
___
2:30 a.m.
The Indonesian government is urging businesses to update computer security after two hospitals were affected by a "ransomware" cyberattack that has hit dozens of countries.
The director-general of Indonesia's Communication and Information Ministry says in a statement that the malware locked patient files on computers at the affected hospitals, both in the capital Jakarta.
Local media reported Monday that patients arriving at Dharmais Cancer Hospital on the weekend were unable to get queue numbers and had to wait several hours while staff worked with paper records.
The ministry has announced specific measures that organizations can take to counter the "WannaCry" attack including a specific update to Microsoft operating systems.
___
12:20 a.m.
Microsoft's top lawyer is laying some of the blame for Friday's massive cyberattack at the feet of the U.S. government.
Brad Smith criticized U.S. intelligence agencies, including the CIA and National Security Agency, for "stockpiling" software code that can be used by hackers. Cybersecurity experts say the unknown hackers who launched this weekend's "ransomware" attacks used a vulnerability that was exposed in NSA documents leaked online.
In a post on Microsoft's blog, Smith says: "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."
Microsoft's lawyer says governments should "report vulnerabilities" that they discover to software companies, "rather than stockpile, sell, or exploit them."
___
10:30 p.m.
Britain's National Cyber Security Center has joined others in warning that more cases of "ransomware" attacks may come to light as a new work week starts Monday.
The organization predicts that the problem could be "at a significant scale" because some infected machines haven't yet been detected, and existing infections can spread within networks.
It said Sunday that a similar cyberattack could also recur, though it did not have "specific evidence" of this.
The warning echoed that from Europe's policing agency earlier Sunday. Europol that said the malware has claimed some 200,000 victims across 150 countries and that the numbers are still going up. Officials urged organizations and companies to immediately update their security software.
___
8:45 p.m.
An executive at a cybersecurity firm that helped block a global ransomware attack says new variations of the malicious worm are circulating and researchers expect one to develop that can't be stopped.
Ryan Kalember, senior vice president at Proofpoint Inc., says that millions of devices could be vulnerable if they haven't applied security patches over the weekend.
He says if a new variant without a so-called kill switch pops up, then organizations will be on their own to prevent it from taking over their computers.
Proofpoint and a British cybersecurity researcher teamed up Friday to derail the attack that was said to strike at least 100,000 organizations in 150 countries.
It is believed to be the biggest online extortion ever, hitting British hospitals, German rail and companies and government agencies.
___
6 p.m.
The former U.S. national intelligence director says the global "ransomware" attack could grow much larger when people return to work.
James Clapper told ABC's "This Week" on Sunday that he expects similar attacks to become a growing problem in the future.
Europe's police agency says the attack has hit at least 100,000 organizations in 150 countries.
It is believed to be the biggest online extortion recorded. It spread cyber chaos worldwide, hitting Britain's hospital network, Germany's railway and scores of companies and government agencies.
Clapper and Europol say the scope of the problem may become bigger Monday when people switch on their computers.
Clapper, who served as intelligence director under President Barack Obama, calls it a "very serious, serious problem."
Attackers have demanded $300 to $600 to unlock encrypted files.
___
11:40 a.m.
Europol, the European Union's police agency, says the international "ransomware" cyberattack has so far hit more than 100,000 organizations in at least 150 countries.
Spokesman Jan Op Gen Oorth said Sunday that the number of individuals who have fallen victim to the cyberextortion attack could be much higher.
He said it was too early to say who is behind the onslaught and what their motivation was. He said the main challenge was the fast-spreading capabilities of the malware, but added that, so far, not many people have paid the ransoms that the virus demands.
He warned that more people may be hit by the virus Monday when they return to work and switch on their computers.
The attack that began Friday is believed to be the biggest online extortion attack ever recorded, with victims including Britain's hospital network and Germany's national railway.
___
10:40 a.m.
Chinese media are reporting that the global "ransomware" virus attacked many university networks in China.
The Beijing News said Sunday that students at several universities around the country reported being hit by the virus, which blocked access to their thesis papers and dissertation presentations.
In each case, a pop-up window demanded payments of $300, or about 2,000 yuan, in order to free the files.
The attack that began Friday is believed to be the biggest online extortion attack ever recorded, disrupting computers that run factories, banks, government agencies and transport systems. It crippled the British health care system for a day, infecting nearly 20 percent of its health care groups, forcing medical treatments to be canceled or postponed for thousands of people.
A young British cybersecurity researcher discovered a so-called "kill switch" for the attack, limiting the damage.
___
6 a.m.
As terrifying as the unprecedented global "ransomware" attack was, cybersecurity experts say it's nothing compared to what might be coming — especially if companies and governments don't make major fixes.
Had it not been for a young cybersecurity researcher's accidental discovery of a so-called "kill switch," the malicious software likely would have spread much farther and faster that it did Friday.
This is already believed to be the biggest online extortion attack ever recorded, disrupting computers that run factories, banks, government agencies and transport systems in nations as diverse as Russia, Ukraine, Brazil, Spain, India and the U.S.
Security experts tempered the alarm bells by saying that widespread attacks are tough to pull off. This one worked because of a "perfect storm" of conditions, including a known and highly dangerous security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware designed to spread quickly once inside university, business or government networks.