Global cyber chaos is spreading Monday as companies boot up computers at work following the weekend’s worldwide “ransomware” cyberattack.
The extortion scheme has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as “WannaCry,” paralyzed computers running Britain’s hospital network, Germany’s national railway and scores of other companies and government agencies around the world.
As a loose global network of cybersecurity experts fought the ransomware hackers, Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices.
The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.
The government found no impact among agencies, though companies like Hitachi and Nissan Motor Co. reported problems that had not seriously affected their business operations.
In China, universities and other educational institutions were among the hardest hit, about 15 percent of the internet protocol addresses attacked, according to the official Xinhua News Agency.
Railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services were affected, the news agency said, citing the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company.
Officials in Japan and South Korea said they believed security updates had helped ward off the worst of the impact.
The attack was disrupting computers that run factories, banks, government agencies and transport systems in Russia, Ukraine, Brazil, Spain, India and Japan, among others. Russia’s Interior Ministry and companies including Spain’s Telefonica, FedEx Corp. in the U.S. and French carmaker Renault all reported troubles.
Experts were urging organizations and companies to update older Microsoft operating systems immediately to limit vulnerability to a more powerful version of the malware — or to future versions that can’t be stopped.
New variants of the rapidly replicating worm were discovered Sunday and one did not include the so-called kill switch that allowed researchers to interrupt its spread Friday by diverting it to a dead end on the internet.
Ryan Kalember, senior vice president at Proofpoint Inc. which helped stop its spread, said the version without a kill switch could spread but was benign because it contained a flaw that prevented it from taking over computers and demanding ransom to unlock files.
“I still expect another to pop up and be fully operational,” Kalember said. “We haven’t fully dodged this bullet at all until we’re patched against the vulnerability itself.”
The attack held users hostage by freezing their computers, popping up a red screen with the words, “Oops, your files have been encrypted!” and demanding money through online bitcoin payment — $300 at first, rising to $600 before it destroys files hours later.
Just one person in an organization who clicked on an infected attachment or bad link, would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response.
“That’s what makes this more troubling than ransomware was a week ago,” Thakur said.