Worldwide cyberattack sparks fewer aftershocks than feared

Ransomware 'WannaCry' attack explained
Ransomware 'WannaCry' attack explained

Desperate attempts to contain the world's biggest cyberattack appear to be working.

"The number of infected computers has not increased as expected, which is a success," European law enforcement agency Europol said Monday.

The attack has hit at least 150 countries and infected 300,000 machines, according to U.S. officials. Hospitals, universities, manufacturers and government agencies in Britain, China, Russia, Germany and Spain have all been affected.

Analysts had feared that the ransomware attack, which started spreading on Friday, could accelerate as workers returned to their desks after the weekend and turned on compromised machines.

While the effect on companies in the Americas was not yet clear, aftershocks elsewhere from the "Wannacry" virus have so far been mild. "People may have updated their security systems over the last hours," Europol said.

Lynne Owens, director general of the U.K.'s National Crime Agency, said there was "no indication of a second surge of cases."

Russian President Vladimir Putin described the threat as serious, but said Monday that it had caused "no significant damage" to the country's institutions.

Chinese internet security company Qihoo360 said Saturday that a large number of colleges and students in the country had been affected by the ransomware, which is also referred to as WannaCrypt. State media reported that digital payment systems at some gas stations were offline, forcing customers to pay cash.

Major global companies said they also came under attack. Fedex (FDX) said it had experienced "interference with some of our Windows-based systems caused by malware." Two big telecoms companies, Telefónica (TEF) of Spain and Megafon of Russia, were also hit, as was Japanese carmaker Nissan (NSANF) in the U.K.

The attacks weren't as widespread in the United States. A Homeland Security official told CNN on Monday that a "small number" of the country's infrastructure systems were hit. The official declined to go into specifics but said none of the disruption was "significant."

Related: If you're hit by cyberattack, don't pay the ransom

ransomware attack china

"Wannacry" locks users out of their computers and demands hundreds of dollars from victims hoping to regain control of their documents and data. Europol said Monday that "very few" people have paid the ransom.

U.S. Homeland Security Adviser Tom Bossert said the attackers collected less than $70,000.

The ransomware exploits a vulnerability in outdated versions of Microsoft Windows that is particularly problematic for corporations that don't automatically update their systems. The exploit was leaked last month as part of a trove of U.S. spy tools.

Related: A super-simple explanation of what happened

"We will get a decryption tool eventually, but for the moment, it's still a live threat and we're still in disaster recovery mode," Europol director Rob Wainwright told CNN on Sunday.

Wainwright said the agency is analyzing the virus and has yet to identify who is responsible for the attack.

Related: U.S. should not stockpile cyber weapons

The blaming has already started. Brad Smith, Microsoft's (MSFT) president and top lawyer, said Sunday that the company has the "first responsibility" to address the problem. But he also said the incident was a "wake-up call" for governments.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," he said. "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."

Bossert, the U.S. homeland security adviser, said Monday that the National Security Agency did not create the program.

"This was not a tool developed by the NSA to ransom data," Bossert told reporters at the White House, instead pointing to criminals and nation states.

At least one strain of the ransomware has proven especially vicious. Once it infects one computer within a network, it can spread to all the computers in that network "within seconds," said Israel Levy, the CEO of the cybersecurity firm Bufferzone.

For example, if an office worker opens an infected PDF attached to an email, soon everyone in the office could be under attack. That was "unheard of six months ago," Levy said. Previous attacks targeted one machine at time.

Editor's note: Are you affected by the attack? Have you paid the ransom? You can WhatsApp us on +1 347-322-0415.

Related: World's biggest cyberattack sends countries into 'disaster recovery mode'

The list of institutions affected has grown as more become aware of hacks and variants of the virus spread.

Global Companies

FedEx: The company said it was "experiencing interference with some of our Windows-based systems caused by malware" and was trying to fix the problems as quickly as possible.

Nissan: The carmaker said in a statement that "some Nissan entities were recently targeted" but "there has been no major impact on our business."


Colleges: Internet security firm Qihoo360 issued a "red alert" over the weekend, saying a large number of colleges and students in China had been hit by the ransomware attack.

Gas stations: State-run media in China reported that some gas stations saw their digital payment systems shut down, forcing customers to bring cash.


Deutsche Bahn: The German railway company told CNNMoney that due to the attack "passenger information displays in some stations were inoperative" as were "some ticket machines."


Hitachi: The Japanese electronics firm said Monday that its computer systems have been experiencing problems since the weekend, including not being able to send and receive emails or open attached files. Hitachi (HTHIY) said it believed the difficulties are linked to the global cyberattack but they haven't so far harmed its business operations.


Russian Central Bank: State media agency Tass reported the bank discovered malware bulk emails to banks but detected no compromise of resources. The central bank reportedly said those monitoring the cyberattacks found "no incidents compromising data resources of banking institutions."

Russian Railways: State media said a virus attacked the IT system of Russian Railways, but it did not affect operations due to a prompt response. The company said the virus has been localized and "technical work is underway to destroy it and update the antivirus protection."

Interior Ministry: The Russian Interior Ministry acknowledged a ransomware attack on its computers, adding that less than 1% of computers were affected. The statement said antivirus systems are working to destroy it.

Megafon: A spokesperson for Russian telecommunications company Megafon told CNN that the cyberattack affected call centers but not the company's networks. He said the situation was under control.


Telefónica: Spanish authorities confirmed the Spanish telecom company Telefónica (TEF) was one of the targets, though the attack affected only some computers and did not compromise the security of clients' information.

United Kingdom

National Health Service: At least sixteen NHS organizations have been hit, according to NHS Digital. "At this stage, we do not have any evidence that patient data has been accessed. We will continue to work with affected (organizations) to confirm this," the agency said. The NHS has said hospitals have had to cancel some outpatient appointments because of the attack.

The UK government called a meeting of its crisis response committee, known as Cobra, to discuss how to handle the situation. The British Home Secretary said most of the NHS systems were back to normal by midday Saturday.


State police: Police in the southern Indian state of Andhra Pradesh said 25% of its systems were hit by the attack late Saturday. The state's Deputy Superintendent of Police, Palle Joshua, told CNNMoney that the impact would have been greater, but many districts took their systems offline as soon as the first attacks hit. "Our cybercrime teams are currently working to retrieve lost data," Joshua said.

--Jethro Mullen, Yoko Wakatsuki, Claudia Rebaza, Richard Greene and David Shortell contributed to this report.

CNNMoney Sponsors