New computer virus spreads from Ukraine to disrupt world business

A user takes a selfie in front of a laptop at WPP, a British multinational advertising and public relations company in Hong Kong, China June 28, 2017 in this picture obtained from social media. INSTAGRAM/KENNYMIMO via REUTERS

By Eric Auchard and Dustin Volz

FRANKFURT/WASHINGTON (Reuters) – A computer virus wreaked havoc on firms around the globe on Wednesday as it spread to more than 60 countries, disrupting ports from Mumbai to Los Angeles and halting work at a chocolate factory in Australia.

Risk-modeling firm Cyence said economic losses from this week’s attack and one last month from a virus dubbed WannaCry would likely total $8 billion. That estimate highlights the steep tolls businesses around the globe face from growth in cyber attacks that knock critical computer networks offline.

“When systems are down and can’t generate revenue, that really gets the attention of executives and board members,” said George Kurtz, chief executive of security software maker CrowdStrike. “This has heightened awareness of the need for resiliency and better security in networks.”

The virus, which researchers are calling GoldenEye or Petya, began its spread on Tuesday in Ukraine. It infected machines of visitors to a local news site and computers downloading tainted updates of a popular tax accounting package, according to national police and cyber experts.

It shut down a cargo booking system at Danish shipping giant A.P. Moller-Maersk <MAERSKb.CO>, causing congestion at some of the 76 ports around the world run by its APM Terminals subsidiary..

Maersk said late on Wednesday that the system was back online: “Booking confirmation will take a little longer than usual but we are delighted to carry your cargo,” it said via Twitter.

U.S. delivery firm FedEx said its TNT Express division had been significantly affected by the virus, which also wormed its way into South America, affecting ports in Argentina operated by China’s Cofco.

The malicious code encrypted data on machines and demanded victims $300 ransoms for recovery, similar to the extortion tactic used in the global WannaCry ransomware attack in May.

Security experts said they believed that the goal was to disrupt computer systems across Ukraine, not extortion, saying the attack used powerful wiping software that made it impossible to recover lost data.

“It was a wiper disguised as ransomware. They had no intention of obtaining money from the attack,” said Tom Kellermann, chief executive of Strategic Cyber Ventures.

Brian Lord, a former official with Britain’s Government Communications Headquarters (GCHQ) who is now managing director at private security firm PGI Cyber, said he believed the campaign was an “experiment” in using ransomware to cause destruction.

“This starts to look like a state operating through a proxy,” he said.

ETERNAL BLUE

The malware appeared to leverage code known as “Eternal Blue” believed to have been developed by the U.S. National Security Agency.

Eternal Blue was part of a trove of hacking tools stolen from the NSA and leaked online in April by a group that calls itself Shadow Brokers, which security researchers believe is linked to the Russian government.

That attack was noted by NSA critics, who say the agency puts the public at risk by keeping information about software vulnerabilities secret so that it can use them in cyber operations.

U.S. Representative Ted Lieu, a Democrat, on Wednesday called for the NSA to immediately disclose any information it may have about Eternal Blue that would help stop attacks.

“If the NSA has a kill switch for this new malware attack, the NSA should deploy it now,” Lieu wrote in a letter to NSA Director Mike Rogers.

The NSA did not respond to a request for comment and has not publicly acknowledged that it developed the hacking tools leaked by Shadow Brokers.

The target of the campaign appeared to be Ukraine, an enemy of Russia that has suffered two cyber attacks on its power grid that it has blamed on Moscow.

ESET, a Slovakian cyber-security software firm, said 80 percent of the infections detected among its global customer base were in Ukraine, followed by Italy with about 10 percent.

Ukraine has repeatedly accused Moscow of orchestrating cyber attacks on its computer networks and infrastructure since Russia annexed Crimea in 2014.

The Kremlin, which has consistently rejected the accusations, said on Wednesday it had no information about the origin of the attack, which also struck Russian companies including oil giant Rosneft <ROSN.MM> and a steelmaker.

“Unfounded blanket accusations will not solve this problem,” said Kremlin spokesman Dmitry Peskov.

Austria’s government-backed Computer Emergency Response Team (CERT) said “a small number” of international firms appeared to be affected, with tens of thousands of computers taken down.

Microsoft, Cisco Systems Inc and Symantec Corp <SYMC.O> said they believed the first infections occurred in Ukraine when malware was transmitted to users of a tax software program.

Russian security firm Kaspersky said a news site for the Ukraine city of Bakhumut was also hacked and used to distribute the ransomware.

A number of the victims were international firms with have operations in Ukraine.

They include French construction materials company Saint Gobain <SGOB.PA>, BNP Paribas Real Estate <BNPP.PA>, and Mondelez International Inc <MDLZ.O>, which owns Cadbury chocolate.

Production at the Cadbury factory on the Australian island state of Tasmania ground to a halt late on Tuesday after computer systems went down.

(Additional reporting by Jack Stubbs in Moscow, Alessandra Prentice in Kiev, Helen Reid in London, Teis Jensen in Copenhagen, Maya Nikolaeva in Paris, Shadia Naralla in Vienna, Marcin Goettig in Warsaw, Byron Kaye in Sydney, John O’Donnell in Frankfurt, Ari Rabinovitch in Tel Aviv, Noor Zainab Hussain in Bangalore; Writing by Eric Auchard, David Clarke and Jim Finkle; Editing by David Clarke and Andrew Hay)

More disruptions feared from cyber attack; Microsoft slams government secrecy

Indonesia's Minister of Communications and Information, Rudiantara, speaks to journalists during a press conference about the recent cyber attack, at a cafe in Jakarta, Indonesia

By Dustin Volz and Eric Auchard

WASHINGTON/FRANKFURT (Reuters) – Officials across the globe scrambled over the weekend to catch the culprits behind a massive ransomware worm that disrupted operations at car factories, hospitals, shops and schools, while Microsoft on Sunday pinned blame on the U.S. government for not disclosing more software vulnerabilities.

Cyber security experts said the spread of the worm dubbed WannaCry – “ransomware” that locked up more than 200,000 computers in more than 150 countries – had slowed but that the respite might only be brief amid fears new versions of the worm will strike.

In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the U.S. National Security Agency, that leaked online in April.

“This is an emerging pattern in 2017,” Smith wrote. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”

He also poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – against sharing those flaws with technology companies to better secure the internet.

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Smith wrote. He added that governments around the world should “treat this attack as a wake-up call” and “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

The NSA and White House did not immediately respond to requests for comment about the Microsoft statement.

Economic experts offered differing views on how much the attack, and associated computer outages, would cost businesses and governments.

The non-profit U.S. Cyber Consequences Unit research institute estimated that total losses would range in the hundreds of millions of dollars, but not exceed $1 billion.

Most victims were quickly able to recover infected systems with backups, said the group’s chief economist, Scott Borg.

California-based cyber risk modeling firm Cyence put the total economic damage at $4 billion, citing costs associated with businesses interruption.

U.S. President Donald Trump on Friday night ordered his homeland security adviser, Tom Bossert, to convene an “emergency meeting” to assess the threat posed by the global attack, a senior administration official told Reuters.

Senior U.S. security officials held another meeting in the White House Situation Room on Saturday, and the FBI and the NSA were working to help mitigate damage and identify the perpetrators of the massive cyber attack, said the official, who spoke on condition of anonymity to discuss internal deliberations.

The investigations into the attack were in the early stages, however, and attribution for cyber attacks is notoriously difficult.

The original attack lost momentum late on Friday after a security researcher took control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks.

Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as “Eternal Blue,” was released on the internet last month by a hacking group known as the Shadow Brokers.

The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number would grow when people return to work on Monday.

MONDAY MORNING RUSH?

Monday was expected to be a busy day, especially in Asia, which may not have seen the worst of the impact yet, as companies and organizations turned on their computers.

“Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.

The attack hit organizations of all sizes.

Renault said it halted manufacturing at plants in France and Romania to prevent the spread of ransomware.

Other victims include is a Nissan manufacturing plant in Sunderland, northeast England, hundreds of hospitals and clinics in the British National Health Service, German rail operator Deutsche Bahn and international shipper FedEx Corp

A Jakarta hospital said on Sunday that the cyber attack had infected 400 computers, disrupting the registration of patients and finding records.

Account addresses hard-coded into the malicious WannaCry virus appear to show the attackers had received just under $32,500 in anonymous bitcoin currency as of (1100 GMT) 7 a.m. EDT on Sunday, but that amount could rise as more victims rush to pay ransoms of $300 or more.

The threat receded over the weekend after a British-based researcher, who declined to give his name but tweets under the profile @MalwareTechBlog, said he stumbled on a way to at least temporarily limit the worm’s spread by registering a web address to which he noticed the malware was trying to connect.

Security experts said his move bought precious time for organizations seeking to block the attacks.

(Additional reporting by Jim Finkle, Neil Jerome Morales, Masayuki Kitano, Kiyoshi Takenaka, Jose Rodriguez, Elizabeth Piper, Emmanuel Jarry, Orathai Sriring, Jemima Kelly, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold, Eric Walsh, Engen Tham, Fransiska Nangoy, Soyoung Kim, Mai Nguyen and Nick Zieminski; Editing by Mark Heinrich and Peter Cooney)

British hospitals, Spanish firms among targets of huge cyberattack

An ambulance waits outside the emergency department at St Thomas' Hospital in central London, Britain May 12, 2017. REUTERS/Stefan Wermuth

By Costas Pitas and Carlos Ruano

LONDON/MADRID (Reuters) – A huge cyberattack brought disruption to Britain’s health system on Friday and infected many Spanish companies with malicious software, and security researchers said a dozen other countries may be affected.

Hospitals and doctors’ surgeries in parts of England were forced to turn away patients and cancel appointments. People in affected areas were being advised to seek medical care only in emergencies.

“We are experiencing a major IT disruption and there are delays at all of our hospitals,” said the Barts Health group, which manages major London hospitals. Routine appointments had been canceled and ambulances were being diverted to neighboring hospitals.

Telecommunications giant Telefonica was among the targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services.

Authorities in both countries said the attack was conducted using ‘ransomware’ – malicious software that infects machines, locks them up by encrypting data and demands a ransom to restore access. They identified the type of malware as ‘Wanna Cry’, also known as ‘Wanna Decryptor’.

A Telefonica spokesman said a window appeared on screens of infected computers that demanded payment with the digital currency bitcoin in order to regain access to files.

In Spain, the attacks did not disrupt the provision of services or networks operations of the victims, the government said in a statement. Still, the news prompted security teams at large financial services firms and businesses around the world to review their plans for defending against ransomware attacks, according to executives with private cyber security firms.

A spokeswoman for Portugal Telecom said: “We were the target of an attack, like what is happening in all of Europe, a large scale-attack, but none of our services were affected.”

British based cyber researcher Chris Doman of AlienVault said the ransomware “looks to be targeting a wide range of countries”, with preliminary evidence of infections from 14 countries so far, also including Russia, Indonesia and Ukraine.

PM BRIEFED

A spokesman for British Prime Minister Theresa May said she was being kept informed of the incident, which came less than four weeks before a parliamentary election in which national security and the management of the state-run National Health Service (NHS) are important campaign themes.

Authorities in Britain have been braced for possible cyberattacks in the run-up to the vote, as happened during last year’s U.S. election and on the eve of this month’s presidential vote in France.

But those attacks – blamed on Russia, which has repeatedly denied them – followed a entirely different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

The full extent of Friday’s disruption in Britain remained unclear.

“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors,” NHS Digital, the computer arm of the health service, said in a statement.

Britain’s National Cyber Security Centre, part of the GCHQ spy agency, said it was aware of a cyber incident and was working with NHS Digital and the police to investigate.

A reporter from the Health Service Journal said the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.

Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid sized organizations, disrupting services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe.

“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

The news is also likely to embolden cyber extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

“Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks,” Camacho said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from Spain’s National Cryptology Centre of “a massive ransomware attack.”

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

It was not immediately clear how many Spanish organizations had been compromised by the attacks, if any critical services had been interrupted or whether victims had paid cyber criminals to regain access to their networks.

(Additional reporting by Jim Finkle, Eric Auchard, Jose Rodriguez, Alistair Smout, Kate Holton, Andy Bruce, Michael Holden and David Milliken; Editing by Mark Trevelyan and Ralph Boulton)

Zika risk went beyond Florida’s Miami-Dade County: U.S. officials

A map showing the active Zika zone is on display at the Borinquen Health Care Center in Miami, Florida, U.S. on August 9, 2016. REUTERS/Chris Keane/File Photo

By Julie Steenhuysen

(Reuters) – Local transmission of the Zika virus in Florida may have occurred as early as June 15 of last year and likely infected people who lived not only in Miami-Dade County, but in two nearby counties, U.S. health officials said on Monday.

The warning means that some men who donated semen to sperm banks in the area may not have been aware that they were at risk of infection, and may have donated sperm infected with the Zika virus, officials from the U.S. Centers for Disease Control and Prevention and the Food and Drug Administration told reporters in a telephone briefing.

The information is concerning because Zika has been shown to cause birth defects in women who become infected while pregnant. Previously, the CDC had warned of the risk of Zika in Miami-Dade County, beginning on July 29.

But the new warning dials that risk back to June 15, and adds in both Broward and Palm Beach Counties, home to the major tourist destinations of Fort Lauderdale and Palm Beach.

Zika’s arrival in Florida last summer followed the rapid spread of the mosquito-borne virus through Latin America and the Caribbean.

The World Health Organization last year declared Zika a global health emergency because of its link in Brazil with thousands cases of the birth defect microcephaly, which is marked by small head size and underdeveloped brains that can result in severe developmental problems.

U.S. officials said because of frequent travel between the three Florida counties, some women may have been infected and not been aware of it, either through contracting the infection directly from a mosquito bite while visiting Miami-Dade or through sex with an infected partner who had.

And because Zika has been shown to last up to three months in semen, it may mean some men living in the affected counties may have donated sperm without reporting they were at risk.

CDC Zika expert Dr. Denise Jamieson said the risk applies “particularly (to) women who became pregnant or are planning to become pregnant through the use of donor semen.” She urged these women to “consult their healthcare provider to discuss the donation source and whether Zika virus testing is indicated.”

The new warning came to light through investigations of several cases of Zika reported by the Florida Health Department late last year that suggested residents of Palm Beach or Broward counties may have become infected while traveling back and forth from Miami-Dade. According to the CDC, a total of 215 people are believed to have contracted Zika in Florida last year through the bite of a local mosquito. But since only one in five people infected with Zika become ill, experts believe the actual number was higher.

Officials said they weren’t aware of any women who contracted Zika from infected semen donated to one of the 12 sperm banks in the three-county area. There is no approved test for Zika in sperm.

Jamieson said the CDC does not have any new evidence of local Zika transmission, but said it may occur again in the coming year, adding that the CDC was “on the lookout for additional cases of Zika.”

A recent CDC study estimates that Zika infections cause a twenty-fold spike in the risk of certain birth defects, including microcephaly.

(Reporting by Julie Steenhuysen in Chicago; Editing by Sandra Maler and Mary Milliken)

Bird flu strikes Tennessee chickens again, in a less-dangerous form

The Avian influenza virus is harvested from a chicken egg as part of a diagnostic process in this undated U.S. Department of Agriculture (USDA) handout image. REUTERS / Erica Spackman / USDA / Handout via Reuters

By Tom Polansek

CHICAGO (Reuters) – A commercial flock of 17,000 chickens in Tennessee has been culled after becoming infected with low-pathogenic bird flu, state agricultural officials said on Thursday, days after a more dangerous form of the disease killed poultry in a neighboring county.

Authorities killed and buried chickens at the site in Giles County, Tennessee, “as a precaution” after a case of highly pathogenic flu in Lincoln County led to the deaths of about 73,500 chickens over the weekend, according to the Tennessee Department of Agriculture. It said officials did not believe birds at one premise sickened those at the other.

Highly pathogenic bird flu is often fatal for domesticated poultry and led to the deaths of about 50 million birds, mostly egg-laying hens, in the United States in 2014 and 2015. Low-pathogenic flu is less serious and can cause coughing, depression and other symptoms in birds.

The highly pathogenic case in Tennessee was the first such infection in a commercial U.S. operation in more than a year and heightened fears among chicken producers that the disease may return.

The spread of highly pathogenic flu could represent a financial blow for poultry operators, such as Tyson Foods Inc and Pilgrim’s Pride Corp, because it would kill more birds or require flocks to be culled. It also would trigger more import bans from other countries, after South Korea, Japan and other nations limited imports because of the case in Lincoln County.

Jack Shere, chief veterinary officer for the U.S. Department of Agriculture, said in an interview that there was speculation the highly pathogenic virus found in Tennessee shared similar characteristics with a low-pathogenic virus that circulated in Tennessee, Kentucky, Minnesota and Illinois in 2009.

Wild migratory birds can carry the flu without showing symptoms and spread it to poultry through feces, feathers or other contact.

“This virus can mutate very easily, so low-pathogenic issues are just as important – when they are circulating among the wild birds – as the high-pathogenic issues,” Shere said.

Both cases in Tennessee were located along the state’s southern border with Alabama, one of the country’s top producers of “broiler” chickens for meat. They also were both in facilities for chickens that bred broiler birds and involved the same strain, H7N9, according to Tennessee’s agriculture department.

The state said it was testing poultry within a 10-kilometer radius of the Giles County site for the flu and so far had not found any other sick flocks.

“When routine testing showed a problem at this facility, the operators immediately took action and notified our lab,” said Charles Hatcher, Tennessee’s state veterinarian.

H7N9 is the same name as a strain of the virus that has killed people in China, but U.S. authorities said the Tennessee virus was genetically distinct.

U.S. officials have said the risk of bird flu spreading to people from poultry or making food unsafe was low.

Low-pathogenic bird flu also was recently detected on a turkey farm in Wisconsin. Authorities there decided to keep the birds under quarantine until they tested negative for the virus, rather than to cull them, according to the state.

(Additional reporting by Mark Weinraub in Washington, D.C.; Editing by G Crosse, Richard Chang and Bernard Orr)

U.S. reports low pathogenic bird flu outbreak in Wisconsin: OIE

PARIS (Reuters) – The United States reported an outbreak of avian flu on a farm in Wisconsin, the second in the country in less than a week although the virus found this time is considered less virulent, the World Organisation for Animal Health (OIE) said on Tuesday.

A strain of low pathogenic H5N2 avian flu has been discovered in a flock of 84,000 turkeys in Barron County, Wisconsin, the U.S. Department of Agriculture (USDA) said in a report posted on the website of the Paris-based OIE.

The USDA said the turkey flock was tested after birds showed signs of depression and the infected premises were quarantined.

The new outbreak comes after the detection of highly pathogenic H7 bird flu last week in a chicken breeder flock in Tennessee farm contracted by U.S. food giant Tyson Foods Inc.

As opposed to highly pathogenic strains which can cause high mortality rates among poultry, low pathogenic ones typically cause few or no clinical signs in birds.

In 2014 and 2015, during a widespread outbreak of highly pathogenic avian flu, primarily of the H5N2 strain, the United States killed nearly 50 million birds, mostly egg-laying hens. The losses pushed U.S. egg prices to record highs.

The USDA said tests had shown that the H5N2 virus detected in Wisconsin was of North American wild bird origin and distinct from the H5N2 viruses found in 2015.

The risk of human infection in poultry outbreaks is low, although in China more than 110 people died this winter amid an outbreak of the H7N9 virus in birds.

The detection of a first case of bird flu in the United States this year prompted several Asian countries, including South Korea, Japan, Taiwan and Hong Kong, to limit imports of U.S. poultry.

(Reporting by Sybille de La Hamaide and Gus Trompiz, editing by David Evans)

Hard to detect, China bird flu virus may be more widespread

quarantine researcher checking chickens on poultry farm for bird flu

By Dominique Patton

BEIJING (Reuters) – Bird flu infection rates on Chinese poultry farm

BEIJING (Reuters) – Bird flu infection rates on Chinese poultry farms may be far higher than previously thought, because the strain of the deadly virus that has killed more than 100 people this winter is hard to detect in chickens and geese, animal health experts say.

s may be far higher than previously thought, because the strain of the deadly virus that has killed more than 100 people this winter is hard to detect in chickens and geese, animal health experts say.

Poultry that have contracted the H7N9 strain of the avian flu virus show little or no sign of symptoms. That means any infection is only likely to be detected if farmers or health authorities carry out random tests on a flock, the experts said.

But in humans, it can be deadly.

That’s different to other strains, such as the highly pathogenic H5N6 that struck South Korean farms in December, prompting the government to call in the army to help cull some 26 million birds.

But that strain didn’t kill any people.

There have been multiple outbreaks of bird flu around the world in recent months, with at least half a dozen different strains circulating. The scale of the outbreaks and range of viral strains increases the chances of viruses mixing and mutating, with new versions that can spread more easily between people, experts say.

For now, H7N9 is thought to be relatively difficult to spread between people. China’s Center for Disease Control and Prevention has said the vast majority of people infected by H7N9 reported exposure to poultry, especially at live markets.

“There are very few, if any, clinical signs when this (H7N9) virus infects birds, and that’s the main reason we’re not seeing reporting coming from poultry farms in China,” said Matthew Stone, deputy director general for International Standards and Science at the World Organisation for Animal Health (OIE).

INTENSIVE OUTBREAK

As many as 79 people died from H7N9 bird flu in China in January alone, up to four times higher than the same month in past years.

While spikes in contamination rates are normal in January – the main influenza season – the high level of human infections has prompted fears the spread of the virus among people could be the highest on record – especially as the number of bird flu cases reported by farmers has been conspicuously low.

The high number of human infections points to a significant outbreak in the poultry population that is not being detected, says Guan Yi, director of the State Key Laboratory of Emerging Infectious Diseases and the Center of Influenza Research at the University of Hong Kong.

“If we have so many human infections, naturally it reflects activity, an intensive outbreak in chickens. They are highly associated,” he said.

China has the world’s largest flock of chickens, ducks and geese, and slaughtered more than 11 billion birds for meat in 2014, according to the United Nations’ Food and Agriculture Organisation (FAO).

The last major bird flu outbreak in China, in 2013, killed 36 people and cost the farming industry around $6.5 billion.

CONTROL CHALLENGE

The experts’ assessment underscores the challenge for China’s government and health ministry in monitoring and controlling the H7N9 outbreak in both people and poultry.

While, with few visible signs of infection in birds, it’s easier for farmers to flout the reporting rules and continue selling poultry at market, Stone at the OIE said China has a “very significant” surveillance program at live markets.

The government promised on Thursday to tighten controls on markets and poultry transport to help battle the virus.

The agriculture ministry last month collected more than 102,000 serum samples and 55,000 virological samples from birds in 26 provinces. Of the latter samples, only 26 tested positive for the virus, according to data on the ministry’s website.

But the rapid rise in human infections and spread to a wider geographic area is likely to increase pressure on Beijing to do more poultry testing at markets and on farms.

The ministry did not respond to faxed questions on its surveillance efforts.

The National Health and Family Planning Commission said on Thursday the spread of H7N9 among people was slowing.

Some Chinese netizens have called for more timely reports on infections, and some experts have said China has been slow to respond to the human outbreak. The authorities have warned the public to stay alert for the virus, cautioning against panic.

Others played down the threat to humans, as long as they stay away from live markets.

“As scientists, we should be watching this outbreak and the effectiveness of any control measures,” said Ian Mackay, a virologist and associate professor at the University of Queensland in Australia. “We don’t have a vaccine available for H7N9 in humans, but we do have effective antivirals.”

“So far, the virus does not spread well between humans,” he added. “As members of the public, who do not seek out live poultry from markets in China, we have almost nothing to worry about from H7N9 right now.”

(Reporting by Dominique Patton in BEIJING, with additional reporting by Ben Hirschler in LONDON; Editing by Josephine Mason and Ian Geoghegan)

Proliferation of bird flu outbreaks raises risk of human pandemic

wokers gather ducks that may have bird flu

By Kate Kelland

LONDON (Reuters) – The global spread of bird flu and the number of viral strains currently circulating and causing infections have reached unprecedented levels, raising the risk of a potential human outbreak, according to disease experts.

Multiple outbreaks have been reported in poultry farms and wild flocks across Europe, Africa and Asia in the past three months. While most involve strains that are currently low risk for human health, the sheer number of different types, and their presence in so many parts of the world at the same time, increases the risk of viruses mixing and mutating – and possibly jumping to people.

“This is a fundamental change in the natural history of influenza viruses,” Michael Osterholm, an infectious disease specialist at University of Minnesota, said of the proliferation of bird flu in terms of geography and strains – a situation he described as “unprecedented”.

Global health officials are worried another strain could make a jump into humans, like H5N1 did in the late 1990s. It has since caused hundreds of human infections and deaths, but has not acquired the ability to transmit easily from person to person.

The greatest fear is that a deadly strain of avian flu could then mutate into a pandemic form that can be passed easily between people – something that has not yet been seen.

While avian flu has been a prominent public health issue since the 1990s, ongoing outbreaks have never been so widely spread around the world – something infectious disease experts put down to greater resilience of strains currently circulating, rather than improved detection or reporting.

While there would normally be around two or three bird flu strains recorded in birds at any one time, now there are at least half a dozen, including H5N1, H5N2, H5N8 and H7N8.

The Organization for Animal Health (OIE) says the concurrent outbreaks in birds in recent months are “a global public health concern”, and the World Health Organization’s director-general warned this week the world “cannot afford to miss the early signals” of a possible human flu pandemic.

The precise reasons for the unusually large number and sustained nature of bird outbreaks in recent months, and the proliferation of strains, is unclear – although such developments compound the global spreading process.

Bird flu is usually spread through flocks through direct contact with an infected bird. But Osterholm said wild birds could be “shedding” more of the virus in droppings and other secretions, increasing infection risks. He added that there now appears to be “aerosol transmission from one infected barn to others, in some cases many miles away”.

Ian MacKay, a virologist at Australia’s University of Queensland, said the current proliferation of strains means that “by definition, there is an increased risk” to humans.

“You’ve got more exposures, to more farmers, more often, and in greater numbers, in more parts of the world – so there has to be an increased risk of spillover human cases,” he told Reuters.

BRITAIN TO BANGLADESH

Nearly 40 countries have reported new outbreaks of highly pathogenic avian influenza in poultry or wild birds since November, according to the WHO.

In China, H7N9 strains of bird flu have been infecting both birds and people, with the of human cases rising in recent weeks due to the peak of the flu season there. According to the WHO, more than 900 people have been infected with H7N9 bird flu since it emerged in early 2013.

In birds, latest data from the OIE should that outbreaks of highly pathogenic avian flu have been detected in Britain, Italy, Kuwait and Bangladesh in the last few days alone.

Russia’s agriculture watchdog issued a statement describing the situation as “extremely tense” as it reported H5N8 flu outbreaks in another four regions. Hungarian farmers have had to cull 3 million birds, mostly geese and ducks.

These come on top of epidemics across Europe and Asia which have been ongoing since late last year, leading to mass culling of poultry in many countries.

Strains currently documented as circulating in birds include H5N8 in many parts of Europe as well as in Kuwait, Egypt and elsewhere, and H5N1 in Bangladesh and India.

In Africa – which experts say is especially vulnerable to missing flu outbreak warning signs due to limited local government capacities and weak animal and human health services – H5N1 outbreaks have been reported in birds in Burkina Faso, Cameroon, Ghana, Niger, Nigeria and Togo. H5N8 has been detected in Tunisia and Egypt, and H7N1 in Algeria.

The United States has, so far this year, largely escaped bird flu, but is on high alert after outbreaks of H5N2, a highly pathogenic bird flu, hit farms in 15 states in 2015 and led to the culling of more than 43 million poultry.

David Nabarro, a former senior WHO official who has also served as U.N. system senior coordinator for avian and human influenza, says the situation is worrying. “For me the threat from avian influenza is the most serious (to public health), because you never know when,” he told Reuters in Geneva.

HIGHLY PATHOGENIC H5N1

H5N1 is under close surveillance by health authorities around the world. It has long been seen as one to watch, feared by infectious disease experts because of its pandemic potential if it were to mutate an acquire human-to-human transmission capability.

A highly pathogenic virus, it jumped into humans in Hong Kong in 1997 and then re-emerged in 2003/2004, spreading from Asia to Europe and Africa. It has caused hundreds of infections and deaths in people and prompted the culling of hundreds of millions of poultry.

Osterholm noted that some currently circulating H5 strains – including distant relatives of H5N1 – are showing significant capabilities for sustaining their spread between wild flocks and poultry, from region to region and farm to farm.

“What we’re learning about H5 is, that whether its H5N6, H5N8, H5N2 or H5N5, this is a very dangerous bird virus.”

Against that background, global health authorities and infectious disease experts want awareness, surveillance and vigilance stepped up.

Wherever wild birds are found to be infected, they say, and wherever there are farms or smallholdings with affected poultry or aquatic bird flocks, regular, repeated and consistent testing of everyone and anyone who comes into contact is vital.

“Influenza is a very tough beast because it changes all the time, so the ones we’re tracking may not include one that suddenly emerges and takes hold,” said MacKay.

“Right now, it’s hard to say whether we’re doing enough (to keep on top of the threat). I guess that while it isn’t taking off, we seem to be doing enough.”

(Additional reporting by Ed Stoddard in Johannesburg, Stephanie Nebehay in Geneva, Polina Devitt in Moscow and Sybille de La Hamaide in Paris; Editing by Pravin Char)

Saudi Arabia warns on cyber defense as Shamoon resurfaces

man on keyboard graphic

KHOBAR, Saudi Arabia (Reuters) – Saudi Arabia on Monday warned organizations in the kingdom to be on the alert for the Shamoon virus, which cripples computers by wiping their disks, as the labor ministry said it had been attacked and a chemicals firm reported a network disruption.

An alert from the telecoms authority seen by Reuters advised all parties to be vigilant for attacks from the Shamoon 2 variant of the virus that in 2012 crippled tens thousands of computers at oil giant Saudi Aramco.

Shamoon disrupts computers by overwriting the master book record, making it impossible for them to start up. Former U.S. Defense Secretary Leon Panetta said the 2012 Shamoon attack on Saudi Aramco was probably the most destructive cyber attack on a private business.

In the 2012 hacks, images of a burning U.S. flag were used to overwrite the drives of victims including Saudi Aramco and RasGas Co Ltd. In the recent attacks, an image of the body of 3-year-old drowned Syrian refugee Alan Kurdi was used in recent attacks, according to U.S. security researchers.

The Shamoon hackers were likely working on behalf of the Iranian government in the 2012 campaign and the more-recent attacks, said Adam Meyers, vice president with cyber security firm CrowdStrike. “It’s likely they will continue,” he said.

State-controlled Al Ekhbariya TV said on Twitter, using the hash tag #Shamoon, that several Saudi organizations had been targeted in recent cyber attacks.

The state news agency, meanwhile, said the labor ministry had been hit by a cyber attack, but that it did not impact its data.

Jubail-based Sadara Chemical Co, a joint venture firm owned by Saudi Aramco and U.S. company Dow Chemical, said it had experienced a network disruption on Monday morning and was working to resolve the issue.

The company made the disclosure on its official Twitter account after the warning by Al Ekhbariya TV, which cited the telecoms authority.

It did not say whether the disruption was due to a cyber attack but said as a precautionary measure it had stopped all services related to the network.

Other companies in Jubail, the hub of the Saudi petrochemicals industry, also experienced network disruptions, according to sources who were not authorized to publicly discuss the matter.

Those companies sought to protect themselves from the virus by shutting down their networks, said the sources, who declined to identify specific firms.

(Reporting by Reem Shamseddine. Additional reporting by Jim Finkle.; Writing By Maha El Dahan; Editing by Mark Potter and Andrew Hay)

Zika striking women at higher rates than men: U.S. study

woman near Zika poster

By Julie Steenhuysen

CHICAGO (Reuters) – Adult women in Puerto Rico were significantly more likely to develop Zika than men, researchers said on Thursday, raising new questions about the potential role of sexual transmission of the virus from males to females.

The study, published in the U.S. Centers for Disease Control and Prevention’s weekly report on death and disease, evaluated more than 29,000 laboratory-confirmed cases of Zika since the outbreak began in Puerto Rico in November 2015.

The data show that of all Zika cases with laboratory evidence of infection, 62 percent were female. The results pattern similar observations from Brazil and El Salvador, the authors said.

One obvious explanation might be that pregnant women are more likely than men to seek treatment for Zika because of the potential risk of birth defects.

To account for that, the researchers excluded all pregnant women who tested positive for the virus. Of the remaining 28,219 non-pregnant women and men testing positive for Zika, 61 percent of these cases occurred in women over the age of 20.

The Zika findings differ from prior outbreaks in Puerto Rico of arboviruses transmitted by the same mosquitoes as Zika. For example, in the 2010 dengue outbreak and the 2014 chikungunya outbreak, infections were equally distributed among men and women.

“It is possible that male-to-female sexual transmission is a contributing factor to this skewing of the burden of disease toward women,” the CDC said in a statement summarizing the findings.

However, the contribution of sexual transmission to overall Zika rates is just beginning to be explored, the CDC said. It could be that women are more likely than men to seek care if they are sick, or that women are more likely to develop Zika symptoms if they become infected.

The CDC is conducting blood tests of individuals living near people with confirmed Zika to try to answer some of these questions.

Zika infections in pregnant women have been shown to cause microcephaly – a severe birth defect in which the head and brain are undersized – as well as other brain abnormalities. The connection between Zika and microcephaly first came to light last year in Brazil, which has since confirmed more than 2,000 cases of microcephaly.

(Reporting by Julie Steenhuysen; Editing by Andrew Hay)