Tiong Bahru Plaza's digital directory hit by global ransomware attack: Mall operator

Tiong Bahru Plaza's digital directory hit by global ransomware attack: Mall operator

Tiong Bahru Plaza general manager Karen Siow confirmed that there was no sensitive information in the mall directories and that neither money nor bitcoin were paid to the hackers. 

SINGAPORE: The digital directory service at Tiong Bahru Plaza was affected by the recent ransomware attack that hit dozens of countries earlier this week. 

In a statement sent to Channel NewsAsia on Sunday (May 14), Tiong Bahru Plaza general manager Karen Siow said the shopping centre's management found out about the cyberattack at 5pm on Saturday. 

She confirmed that there was no sensitive information in the mall directories and that neither money nor bitcoins were paid to the hackers. 

"There is no other anticipated impact from this malware as the digital directory systems, from the onset, run on a separate network from the rest of the corporate networks of AsiaMalls," she said. 

She added that the digital directory service is provided to the mall by a third-party vendor, and that the vendor's system has been disconnected from the board while a software patch is being installed. 

"We will continue to monitor the situation with the third-party vendor and remain vigilant against any future incidences," she added. 

A representative from the third-party vendor MediaOnline International told Channel NewsAsia that an isolated network, which contains one server and 12 directory systems, were hit by the ramsomware attack.

The display directories that were affected included those at Tiong Bahru Plaza and White Sands shopping centre, MediaOnline director Dennis So said.

“No third-party system was affected during this attack,” Mr So added. 

Further investigations by MediaOnline on Sunday revealed that the 12 systems did not have the latest software patch installed. They were hit by the WannaCry virus as the network was registered under a public IP address, Mr So said.

He added that Tiong Bahru Plaza directories will be fully restored on Sunday.

“We have fixed all the affected systems by replacing the HDD with a new master image with all latest MS patches, disabled SMB access and hardened the system by using a higher security mode of operation,” Mr Soh said.


Photos of a similar malware message on a display screen belonging to a Desigual outlet at Orchard Central are also circulating online. 

Desigual Orchard Central ransomware
Photo sent by a Facebook user indicating the affected display screen at the Desigual store in Orchard Central. 

Channel NewsAsia has reached out to Desigual for comment. 

The Cyber Security Agency of Singapore (CSA) has said that no Government agencies or critical information infrastructure were affected by the attack, whose suspected culprit is a ransomware known as WannaCry - said to lock users' files unless they pay a designated sum in virtual currency. 

CSA's director for the National Cyber Incident Response Centre Dan Yock Hau told Channel NewsAsia on Sunday that those affected should not pay the ransom as indicated in the malware message as there have been instances where users were unable to access their files even after paying. 

"While affected users may choose to pay ransom to access their files again, users are advised not to pay the ransom as there is no guarantee that their files can be recovered even if they have done so," he said.  

In an online advisory released on Sunday evening, CSA said Singapore has seen "a number of victims" struck by the WannaCry ransomware. 

It recommends that users adopt a "prevention is better than cure" principle by installing a patch and verifying sources of any uninvited documents sent through email. 

"Always make backup of your important files and documents, this will save you when you have to restore your files and documents when needed," the advisory said. 

Additional reporting by Lee Li Ying. 

Source: CNA/am