BANGKOK — As Thailand seemed spared the full force of a ransomware attack that has wreaked havoc throughout the world, a possible Thai variant of the program surfaced Monday afternoon.
More than 180,000 people in 150 countries so far have been affected by WannaCry, a viral piece of malware that locks down computers and holds their content ransom until the equivalent of USD$300 is paid in bitcoins. The government said Monday that measures have been implemented to prevent the spread in Thailand, though several security experts warn the risk of a more dangerous outbreak remains.
“The government is concerned about what happened. Prime Minister Gen. Prayuth Chan-ocha has ordered the Ministry of Digital Economy and Society to closely monitor any problem that may happen,” ministry official Somsak Khaosuwan said Monday in a statement to the press.
“As for Thailand, currently we have not found any severe damage from the aforementioned malware infection,” he added.
Police spokesman Krissana Pattanacharoen said Interpol alerted the Thai police force on Saturday morning local time about the outbreak. No one has filed a criminal complaint over the issue so far, Col. Krissana said, adding that anyone who wishes to do so should contact the Technology Crime Suppression Division.
WannaCrypt, also known as WannaCry, takes control of computer systems by exploiting bugs in Windows operating systems using a method widely believed stolen from the NSA. Functionality is restored only if users pay the ransom demanded by attackers within a matter of hours.
On Monday, an IT security expert in Prague tweeted what appeared to be a Thai-language variant of WannaCry under development.
— JaromirHorejsi (@JaromirHorejsi) May 15, 2017
At least two high-profile companies in Thailand were hit by the malware.
The attack hit video game distributor Garena Online just as it was launching a new online game, Blade & Soul. About 100,000 players were reportedly active in the game when Garena had to shut it down because hundreds of its servers became infected by WannaCry.
A Garena spokeswoman said Monday that the servers were back online but would not say whether the company had paid the ransom to regain control of the compromised machines.
It also reportedly struck Blue Sky, a TV channel affiliated with the Yellowshirt movement.
According to an image posted on social media, the malware affect at least one video billboard at Witthayu Junction, where Sathorn and Rama IV roads intersect.
Ransomware กลางเมืองเลยจย้าาาาาาาาา pic.twitter.com/HvMGzkkwLM
— คลิตอเรีย เมียด (@ALiCE6TY9) May 13, 2017
Unlike other countries in the region, there have so far been no reports of hospitals or banking systems being affected as of Monday afternoon.
Internet transparency activist Arthit Suriyawongkul said it’s hard to estimate the extent of WannaCry’s damage because Thai agencies routinely keep security breaches confidential rather than go public.
“They’re afraid that if they admit to being attacked, it might affect their organization’s image,” said Arthit of the Thai Netizen Network. “This idea is in contrast with some foreign countries. They don’t see it as a problem of any single agency, but a problem of everyone. The best way is to share information.”
Digital ministry official Somsak said a number of government agencies are working together to monitor the situation and provide advice to the public. Somsak said anyone affected by the ransomware should alert the Thailand Computer Emergency Response Team, or ThaiCert by calling 02-123-1212. The hotline is only available in Thai.
IT security consultant Pichaya Morimoto commended the government and ThaiCert for warning the public in a timely manner, which he said may have helped limit the outbreak.
However, he said negligence and failure to update operating systems could leave some Thai companies vulnerable, since the malware can quickly propagate between computers in a short space of time if they have not applied Microsoft security updates since March.
“If the IT department doesn’t take care of updating Windows, the entire system may be infected,” said Pichaya, who also administers a Thai-language cybersecurity page on Facebook.
Pichaya and Arthit also warned that widespread use of pirated software, which is often unpatched with the latest fixes, may pave the way for WannaCry and its like.
Computers running outdated versions of Windows at underfunded public agencies are also at risk, Arthit added.
“Just ask yourself how many state schools, hospital and universities are using Windows 10?” he said. “Many places still use Vista or even XP.”