Cyber Incident Victim: Hitachi
Date: May 2017
Location: United Kingdom
Summary
A global ransomware attack disrupted over 200,000 computers across 150 countries, impacting critical sectors including healthcare, government services, transportation, and corporations. The malware encrypted files and demanded payments, severely affecting UK hospitals, Russian government systems, Chinese universities, and a Japanese conglomerate experiencing email and file delivery failures. Operational disruptions included halted production at automotive plants, disabled police systems in India, payment system failures at Chinese petrol stations, and locked patient records in Indonesian hospitals. While some organizations mitigated impacts through isolated networks or software patches, widespread system outages forced many institutions to resort to manual processes, with educational and healthcare entities facing particularly severe consequences due to reliance on outdated systems.
Description
The WannaCry ransomware attack emerged globally around May 12, 2017, rapidly infecting over 200,000 computers across 150 countries. The malware encrypted files on vulnerable Windows systems, demanding ransom payments—typically $300—to restore access. Critical infrastructure sectors were heavily impacted, including healthcare, transportation, energy, and manufacturing. In the United Kingdom, 48 National Health Service (NHS) trusts and 13 Scottish NHS organizations experienced severe disruptions, forcing hospitals to cancel appointments and divert emergency patients. Attackers displayed ransom notes on NHS screens with messages like "Ooops, your files have been encrypted!" Nissan's Sunderland car factory halted production temporarily due to infected systems, while Renault suspended operations at multiple sites before restoring 90% of factory functions within days. Germany's Deutsche Bahn railway company reported compromised electronic arrival/departure boards at stations, though train services continued uninterrupted.

Russia suffered the highest volume of attack attempts according to Kaspersky Lab, with the interior ministry confirming approximately 1,000 infected computers. Critical government servers avoided compromise by using domestically developed Elbrus operating systems instead of Windows. China experienced widespread disruptions at nearly 30,000 institutions, including universities where students faced ransom demands threatening their end-of-year projects. Payment systems at China National Petroleum Corporation petrol stations in Chongqing failed, forcing cash-only transactions. Indonesia's Dharmais Cancer Hospital resorted to manual paper records after patient files were locked, causing hours-long delays. In Japan, approximately 2,000 computers across 600 companies were infected. Hitachi specifically reported operational disruptions, including email delivery delays and file transfer failures, and attributed these issues to the WannaCry attack, though no ransom demands manifested in its systems. South Korea confirmed nine ransomware cases affecting the CJ CGV cinema chain's advertisement servers at 50 locations, while India contained damage to police systems in Andhra Pradesh through preemptive security patches. Telefónica in Spain isolated infected equipment, and other Spanish firms like Iberdrola implemented emergency shutdowns of computer systems to prevent further spread.
