X

Ransomware creators could let Taiwan off the hook

An email screenshot allegedly shows the creators of the ThunderCrypt ransomware attack may give up on Taiwan because they "overestimated" incomes there.

Zoey Chong Reporter
Zoey is CNET's Asia News Reporter based in Singapore. She prefers variety to monotony and owns an Android mobile device, a Windows PC and Apple's MacBook Pro all at the same time. Outside of the office, she can be found binging on Korean variety shows, if not chilling out with a book at a café recommended by a friend.
Zoey Chong
3 min read
Watch this: Why the WannaCry cyberattack is so bad, and so avoidable

As the world freaks out over the potential loss of massive amounts of data due to a global cyberattack by WannaCry, Taiwan may have something to celebrate about.

On Sunday, the creators of a ransomware called ThunderCrypt -- similar to WannaCry -- allegedly decided they'll let some Taiwanese victims off the hook, according to Singapore media outlet Channel 8 News.

In an email captured in a screenshot submitted by an affected user from Taiwan who claimed to earn only $400 a month, the creators said they realised their campaign was a "total failure" in the country and will decrypt the data of some affected Taiwanese at no charge.

They attributed the reason for the failure to having "overestimated [the] income" of the Taiwanese. The country's median income was reported at $1,344 last year.

This brings hope to Asian countries that the authors of WannaCry may perhaps bestow mercy upon the region too. Asian countries -- with monthly wages mostly falling below $1,800 -- typically run older, unpatched versions of Windows vulnerable to the ransomware.

The ransomware WannaCry was released worldwide Friday. It has hit over 100,000 organisations across 150 countries as of Sunday.

Affected users find their files locked with an error message demanding a ransom, usually of $300, in Bitcoin currency to recover their data, which will otherwise be deleted.

It has created frustrations both small and large:

Baburah Varma, technical director in Southeast Asia and India for cybersecurity firm Trend Micro, said that Asia may be hit harder than other regions because WannaCry "exploits systems with a Microsoft vulnerability in older versions of the OS."

Data backup and recovery company Acronis sees it differently. Eugene Aseev, vice president of engineering at Acronis Singapore, said Asian countries -- excluding China -- appear to be less affected than other parts of the world possibly because companies in the US and Europe are required to "notify their customers and other parties about successful cyberattacks on them." In Asia however, while discussions are "ongoing" to put in place similar directives, companies are not legally bound to reveal if they have been attacked.

Additionally, Aseev explained that since the attacks occurred when it was late Friday night in most parts of Asia, there are "significantly [fewer] machines active," which means the ransomware -- which scans for active Windows endpoints in order to launch an attack -- had much lower chances of infiltrating a machine. This stays true even after the workweek begins on Monday morning, because the attacks had been halted -- even if temporarily -- by the discovery of the kill-switch.

Microsoft declined to comment.

Regardless, no one should be letting their guard down. A fresh round of attacks have begun as the workweek kicks in, this time without the "kill switch" that delayed the spread of the malware. The easiest way to keep yourself safe now is to make sure your computer is updated with the latest patch from Microsoft.

ransomware-tweaked.jpg

The WannaCry ransomware that hit the world Friday has affected 150 countries.

Foursys




First published May 15, 7:51 a.m. PT.

Correction, May 15, 8:06 p.m. PT: The story has been updated to clarify that ThunderCrypt was the ransomware that attacked the Taiwanese user instead of WannaCry.

Updated, May 17, 12:36 a.m. PT: Added information from Acronis pertaining to the containment of WannaCry spread in Asia.

Solving for XX: The industry seeks to overcome outdated ideas about "women in tech."

Life, disrupted: In Europe, millions of refugees are still searching for a safe place to settle. Tech should be part of the solution. But is it?