Ransomware cyber-attack: Who has been hardest hit?

Map of areas hit by the cyber attack

The WannaCry ransomware cyber-attack has hit more than 200,000 computers in 150 countries since Friday, Europol says.

Governments, hospitals and major companies have all found themselves battling the malware, which demands money in return for unfreezing computers.

Russia ‘hardest hit’

The virus tried to infect more computers in Russia than anywhere else, according to an analysis by Kaspersky Lab, a Russian antivirus company.

The interior ministry, railways, banks and the Megafon mobile phone operator – Russia’s second-largest – all found themselves battling demands for ransom.

An interior ministry spokeswoman said about 1,000 computers using Microsoft Windows were attacked but these had been isolated from networks.

However, the ministry’s vital servers were unaffected because they were running domestic Russian software, the spokeswoman said, including an operating system called Elbrus that was first developed during the late years of the Soviet Union, the New York Times reported.

German railways

Image copyright

Image caption

The demand for Bitcoin appeared on departure screens at a Frankfurt station

Electronic boards at stations announcing arrivals and departures were affected, but train services were not disrupted, Deutsche Bahn said.

China universities

Some students reported seeing demands for ransoms pop up on their laptops as networks at several universities – including Tsinghua and Peking in Beijing – reported severe disruption.

Meanwhile, petrol stations in the western city of Chongqing were unable to accept card payments after systems at China National Petroleum Corp became infected, the South China Morning Post reported.

Overall, hundreds of thousands of computers at nearly 30,000 institutions and organisations were affected, including government agencies and hospitals, internet firm 360 Security said.

South Korea cinema

The country’s biggest cinema chain CJ CGV said some of its advertisement servers connected to 50 cinemas had been affected, Yonhap news agency said.

Image copyright

Image caption

Officials at the Korea Internet and Security Agency have been monitoring the threat

A company official said films were still being screened as scheduled and the company was investigating.

Overall, nine cases of ransomware had been found, the South Korean government said.

Japan companies

The Japan Computer Emergency Response Team Co-ordination Centre said 2,000 computers at 600 companies in Japan had been affected.

Hitachi said it was experiencing email delays and file delivery failures and suspected the cyber-attack was to blame, although no ransom was being demanded.

Indonesia hospital

The communication and information ministry said the malware locked patient files on computers at two hospitals in the capital Jakarta.

Patients at the Dharmais Cancer Hospital could not get queue numbers and waited several hours while staff found paper records, local media reported.

India state police

Police computer systems in the state of Andhra Pradesh have been hit, local media reports say. About 18 systems were hijacked an eventually disabled, the Business Standard reported.

Several companies in the cities of Mumbai, Hyderabad, Bengaluru and Chennai have also been affected.

The Economic Times newspaper said India could be particularly vulnerable to the malware because a large number of organisations and individuals use old outdated versions of Windows and there are also high numbers of people using pirated software.

UK hospitals

Some of the biggest disruption was caused by attacks on the UK health system, which saw hospitals and clinics forced to turn away patients after losing access to computers.

Pictures on social media showed NHS computer screens with messages saying: “Ooops, your files have been encrypted!”

In England, 48 National Health Service (NHS) trusts reported problems at hospitals, doctor surgeries or pharmacies, and 13 NHS organisations in Scotland were also affected.

A Nissan car factory in the north-eastern city of Sunderland was also affected, a spokeswoman said.

Spanish telecoms

The Spanish telephone operator Telefonica said it had been attacked. Telefonica’s head of cyber-security Chema Alonso – himself a former hacker – said the infected equipment was “under control and being reinstalled”.

Other Spanish firms to be hit included power firm Iberdrola and utility provider Gas Natural. Staff were reportedly told to turn off their computers.

France Renault

The car manufacturer had to halt production at sites in France, Slovenia and Romania as part of measures to stop the spread of the virus.


The logistics firm said it was “implementing remediation steps as quickly as possible”, without specifying how badly it had been affected.

Australia SMEs

Australian officials said so far only three small-to-medium sized businesses had reported being locked out of their systems.

In New Zealand, the ministry of business said a small number of unconfirmed incidents were being investigated.

Ransomware cyber-attack: Who has been hardest hit?