Bank of China ATMs Go Dark As Ransomware Attack Cripples China

In the aftermath of the global WannaCry ransomware attack, which has spread around the globe like wildfire, a significant number of corporations and public services have found their infrastructure grinding to a halt, unable to operate with unprotected if mission-critical computers taken offline indefinitely. Some of the more prominent examples so far include:
  • NHS: The British public health service - the world's fifth-largest employer, with 1.7 million staff - was badly hit, with interior minister Amber Rudd saying around 45 facilities were affected. Several were forced to cancel or delay treatment for patients.
  • Germany's Deutsche Bahn national railway operator was affected, with information screens and ticket machines hit. Travelers tweeted pictures of hijacked departure boards showing the ransom demand instead of train times. But the company insisted that trains were running as normal.
  • Renault: The French automobile giant was hit, forcing it to halt production at sites in France and its factory in Slovenia as part of measures to stop the spread of the virus.
  • FedEx: The US package delivery group acknowledged it had been hit by malware and said it was "implementing remediation steps as quickly as possible." .
  • Russian banks, ministries, railways: Russia's central bank was targeted, along with several government ministries and the railway system. The interior ministry said 1,000 of its computers were hit by a virus. Officials played down the incident, saying the attacks had been contained.
  • Telefonica: The Spanish telephone giant said it was attacked but "the infected equipment is under control and being reinstalled," said Chema Alonso, the head of the company's cyber security unit and a former hacker.
  • Sandvik: Computers handling both administration and production were hit in a number of countries where the company operates, with some production forced to stop. "In some cases the effects were small, in others they were a little larger," Head of External Communications Par Altan said.
One place which seemed to have emerged relatively unscathed from the global cyber-havoc (aside from the US, which is ironic as it is the U.S. NSA that was created the hacking software) has been China. Or so it seemed due to lack of media reports from the mainland. Now, courtesy of, and its twitter account, we have the first visual evidence that China too was materially impacted, to the point where not only local ATMs had been taken offline, but Chinese traffic police, immigration authorities and various public security bureaus and schools have suspended normal work until the malware threat is resolved.


#WanaCypt0r#wannacrypt #infosec
China has been attacked to expand the scope
— 95cn (@95cnsec) May 13, 2017
The following images taken on Saturday show Bank of China ATMs infected with the ransomware virus.


More Chinese ATMs taken hostage:

WannaCry also hit the Public Security Bureau:


Various Chinese traffic police, immigration authorities and Public Security Bureaus were forced to suspend normal work:
#WanaCypt0r#wannacrypt @hackerfantastic #China traffic police, immigration authorities, the Public Security Bureau to suspend normal work
— 95cn (@95cnsec) May 13, 2017
A map of the attacks shows that in addition to China, South Korea and Japan have also been seriously impacted. North Korea, however, has managed to squeeze through the cracks so far, perhaps due to the lack of local internet connectivity.
* * *
Finally, for those interested, here is a video courtesy of @hackerfantastic showing what realtime WannaCry infection looks like.
Here is a video showing a machine on the left infected with MS17-010 worm, spreading WCry ransomware to machine on the right in real time.
— Hacker Fantastic (@hackerfantastic) May 13, 2017
For now it is unclear what if any economic impact this "Biggest Ransomware Attack In History" will unleash on the world. Whatever the final outcome, don't forget to thank the NSA, whose product made all this possible, and which was warned by numerous skeptics, about just this eventuality.
.@RepTedLieu: "It is deeply disturbing the National Security Agency likely wrote the original malware" behind today's massive cyberattack