2017-05-19 05:36:02
Victims Call Hackers’ Bluff as Ransomware Deadline Nears

HONG KONG — With the clock ticking on whether a global hacking attack would wipe out his data, Bolton Jiang had no intention of paying a 21st-century ransom.

Since a week ago, when a global ransomware attack hit people, companies and institutions in dozens of countries around the world, Mr. Jiang has been busily fixing and replacing computers at the electronics company where he works before the deadline hits. Paying is a bother, he said — and there was no guarantee he would get his data back.

“Even if you do pay, you won’t necessarily be able to open the files that are hit by the virus,” he said. “There is no solution to it.”

Tens of thousands of computer users around the world faced the same dilemma on Friday, their last chance to pay the anonymous hackers behind the ransomware attack known as WannaCry that struck last week. The attack exposed the widespread vulnerability of computers and offered a peek at how a new type of crime could be committed on a global scale.

So far, the take looks modest. An online tracking system early on Friday showed that the amount paid in the electronic currency Bitcoin to accounts listed by the attackers had begun to plateau on Wednesday, and by early Friday totaled just $90,000. Early estimates of what the virus could ultimately earn ranged into the tens of millions or even hundreds of millions of dollars.

A number of people and companies struck a defiant tone. Hitachi of Japan, which had been identified in the Japanese news media as a victim, declined to confirm those reports on Friday but said that it had no intention of paying a ransom and that it aimed to be fully secure against future attacks by Monday.

Nissan Motor, another Japanese industrial giant, also said it would not pay a ransom. Its British facility was hit when the attack first rippled through the internet a week ago, but it said it did not lose data.

Owners of the more than 200,000 computers across the globe that have been hit by the malware face similar decisions. Those affected, including hospitals, government offices and universities, have lost access to important files such as business information, term papers and even medical records that could be matters of life or death.

Yet cybersecurity experts have generally advised those affected not to pay.

“It costs the perpetrators peanuts to carry out an attack like this,” said Rafael Sanchez, international breach response manager at Beazley, an insurer in London that has handled thousands of ransomware attacks for corporate clients. “And any ransom will only likely lead to more attacks.”

While some who paid regained access to their files, according to the Finnish cybersecurity firm F-Secure, security firms caution there is no guarantee that all WannaCry victims will get their files back. The fact that the attackers listed only three addresses as payment destinations means it would be difficult to figure out which victims have paid, and therefore whose files to decrypt.

“It looks like the attackers had no intent in decrypting anything,” said Tom Robinson, co-founder of Elliptic, a company in London that tracks online financial transactions involving virtual currencies that helps organizations respond to digital attacks.

Paying the ransom could also make individuals targets in the future, and it also presents a technical challenge for many, who have never used Bitcoin to make payments before.

For some, payment is not an option. Many are not familiar with Bitcoin, the electronic currency that does not answer to any of the world’s central banks. Many national governments and institutions have rules about paying ransoms.

In Berhampur, a city of about 380,000 on India’s east coast, two computers at the Berhampur City Hospital were hit by the WannaCry malware. Dr. Saroj Mishra, assistant health officer for the surrounding district of Ganjam, said that most of the data was recovered — and that health officials had no intention of paying the hackers.

“We don’t have the permission to pay the hackers,” Dr. Mishra said. He added, “there is no question of compromising. It is a matter of investigation.”

In other places, those affected simply cannot afford to pay.

In China, where pirated software is believed to have contributed to the ransomware’s spread, about 4,000 of the 40,000 institutions affected are educational institutions. On Chinese social media, many students reported being locked out of final term papers.

“The hacker asked for $300 to $600,” Zhu Huanjie, a college student in Hangzhou. “Average students can’t afford that.”

The identity of the perpetrator remains unclear. Some initial signs point to hackers that cybersecurity experts previously linked with North Korea, though they warn that the evidence is far from conclusive.

Some attacks could also come from copycats, experts say, muddying attempts to catch the perpetrators.

Xu Hengyu, information technology manager of a Shanghai entertainment company, Renxing Pictures, said the company had intended to send more than $720 to hackers threatening to delete two months’ worth of data. But when Mr. Xu tried to negotiate the price down, he said the hackers responded in Chinese and told him he could wire the money to a Chinese bank account in China’s currency, the renminbi, rather than Bitcoin. Mr. Xu said he was unsure whether the hackers were the same as those behind the WannaCry attack.

“We thought about reporting to the police, but we haven’t so far,” he said. “We thought if this problem could be solved by the direct payment, we’d rather stay that way and not go to the police, as the police must already have many cases.”

He added, “We still prioritize data recovery over everything else.”