By John O'Donnell and Alexander Winning
FRANKFURT/MOSCOW (Reuters) - Banks have tightened their security systems and increased their surveillance after the global cyber assault on individuals and organizations worldwide.
Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, the "ransomware" attack launched on Friday has infected tens of thousands of computers in 104 countries, putting the financial industry on high alert.
It halted the production lines of a European carmaker and delayed surgical operations in Britain's National Health Service.
Many suspected infections were of Russian computers. Russia's central bank said it had recorded harmful software being sent en masse to Russian banks but that the attacks had been unsuccessful.
Sberbank, the country's biggest lender, said viruses had not got into its systems. The bank said it was nonetheless "on high alert".
Russia is more vulnerable to attack because organizations there often use outdated technology as an economic slowdown squeezes spending.
Many banks in Europe said they had stepped up efforts to prevent attackers getting through.
One person helping coordinate banks' response said they were setting up back-up systems for data and introducing security upgrades.
"The banks' greatest fear is copycat attacks," said Keith Gross, who chairs the European Banking Federation's cybersecurity working group. "So they are updating like a wild thing."
Germany's savings banks, the largest and most powerful financial group in the country, received reminders from the group's information technology company to install updates.
One large British bank said they had drafted people in to work over the weekend, having been subject to a similar attack earlier this year.
A European investment bank said it was accelerating the process of "patching" software following the incident.
Spanish banks La Caixa, Bankinter and Sabadell said they had all taken measures.
"We weren't attacked but we took preventative measures about the cyber-attack over the whole weekend. There is an emergency committee that is reporting constantly and we have conference calls every eight hours. We can't drop our guard", said a Sabadell spokesman.
Banks generally have more robust cyber defenses than other sectors, because of the sensitive nature of their industry and to meet regulatory requirements.
But aging technology and banks' attractiveness to hackers means they are often targets.
Last year 2.5 million pounds ($3.23 million) was taken from small British lender Tesco Bank. The identity of the culprits remains unknown.
Other UK banks including HSBC and Royal Bank of Scotland have suffered cyber attacks in the past two years that have brought their online services down.
A survey of cyber security and risk experts released last Friday by insurer AIG found the financial services industry had been identified as the most likely to experience a systemic attack.
In the United Kingdom on Monday, the government's National Cyber Security Centre said it was distributing advice to raise awareness of the threat, including to the financial industry.
Across the globe, regulators took similar steps.
The Hong Kong Securities and Futures Commission issued a circular warning groups to be on alert and take action such as security updates and offline backups.
It instructed firms to "take immediate actions to critically review and assess the effectiveness of their cybersecurity controls".
India's IndusInd Bank said on Monday the attack had affected a few systems, but those had been quarantined over the weekend and it had moved quickly to patch its systems.
For the most part, however, banks remained insulated from the cyber attack.
"In the NHS, the technology they are using it out of date," said Paul Edon of cyber security group Tripwire. "Banks have six to eight levels of defense."
(Additional reporting by Andres Gonzales, Euan Rocha in Mumbai and Michelle Price in Hong Kong; Writing by John O'Donnell; Editing by Andrew Roche)