China hit by cyber attack as Europe warns of more disruptions

The "ransomware" cyber attack hit Chinese traffic police and schools on Monday as it rolled into Asia for the new work week, while authorities in Europe said they were trying to prevent hackers from spreading new versions of the virus.

In Britain, where the virus first raised global alarm when it caused hospitals to divert ambulances on Friday, it gained traction as a political issue just weeks before a general election.

Shares in firms that provide cyber security services rose with the prospect that companies and governments would have to spend more money on defences.

Some victims were ignoring official advice and paying the $300 ransom demanded by the cybercriminals to unlock their computers, which was due to double to $600 on Monday for computers hit by Friday's first wave.

Director of Security at Lancaster University in the UK Awais Rashid explains how hackers were able to exploit flaws in the security systems of computers around the world.

Brian Lord, managing director of cyber and technology at cyber security firm PGI, said victims had told him the hackers offered good service, with helpful advice on how to pay: "One customer said they actually forgot they were being robbed."

But the hackers do not appear so far to have been well rewarded: only about $50,000 has been transferred to their online wallets so far, according to Elliptic Labs which tracks transactions using the internet currency bitcoin.

Although the virus's spread was curbed over the weekend in most of the world, France, where carmaker Renault was among the world's highest profile victims, said more attacks were likely.

"We should expect similar attacks regularly in the coming days and weeks," said Giullaume Poupard, head of French government cyber security agency ANSSI. "Attackers update their software ... other attackers will learn from the method and will carry out attacks."

Companies and governments spent the weekend upgrading software to limit the spread of the virus.

Monday was the first big test for Asia, where offices had already mostly been closed for the weekend before the attack first arrived.

Asia affected

China appeared over the weekend to have been particularly vulnerable, raising worries about how well the world's second largest economy would cope when it opened for business on Monday.

And according to Qihoo 360, one of China's largest providers of antivirus software, "hundreds of thousands" of computers in the country were affected, including petrol stations, cash machines and universities.

However, officials and security firms said the spread was starting to slow.

Affected bodies included a social security department in the city of Changsha, the exit-entry bureau in Dalian, a housing fund in Zhuhai and an industry watchdog in Xuzhou.

Energy giant PetroChina said payment systems at some of its petrol stations were hit, although it had been able to restore most of the systems.

Elsewhere in Asia, the impact seems to have been more limited. Japan's National Police Agency reported two breaches of computers in the country on Sunday, one at a hospital and the other case involving a private person, but no loss of funds.

Industrial conglomerate Hitachi Ltd. said the attack had affected its systems at some point over the weekend, leaving them unable to receive and send e-mails or open attachments in some cases.

In India, the government said it had only received a few reports of attacks on systems and urged those hit not to pay attackers any ransom. No major Indian corporations reported disruptions to operations.

At Indonesia's biggest cancer hospital, Dharmais Hospital in Jakarta, around 100-200 people packed waiting rooms after the institution was hit by cyber attacks affecting scores of computers. By late morning, some people were still filling out forms manually, but the hospital said 70 percent of systems were back online.

South Korea's presidential Blue House office said nine cases of ransomware were found in the country, but did not provide details on where the cyber attacks were discovered. A coal port in New Zealand shut temporarily to upgrade its systems.