Four of the city's biggest internet service providers fell victim to an international cyberattack that also affected 10,000 patients' health records held by Chinese University.
Servers at PCCW, Netvigator, Hong Kong Broadband Network (HKBN) and Hutchison Global Communications were among more than half a million targeted globally. The hackers succeeded in the taking hostage a couple of hundred of servers, including 14 in Hong Kong.
The telecoms firms affected hosted devices, or servers, on networks compromised by hackers called Synolocker, according to data provided by internet monitoring company Shodan.
A spokeswoman for HKBN, which had seven servers affected, said: "We can confirm that seven of those [web server] IP addresses are owned by HKBN.
"We suspect the end user's device might have been hacked or attacked. The customer would not complain to the ISP [internet service provider], as it's their own responsibility to install appropriate firewall or shield software to protect their own device from hacking or attack."
Ivan Ho, spokesman for Netvigator and PCCW parent company Hong Kong Telecom, said that despite four servers being affected, the integrity of the HKT network was not compromised.
"Should the devices of any of our customers become affected, we would not disclose information about customers," he said.
Hutchison, which had two servers affected, did not respond to requests for comment.
Shodan monitors web servers for known faults and issues, and detected malicious activity at the four Hong Kong providers and Chinese University. The attack on the university's faculty of medicine specifically targeted the Centre for Liver Health and Institute of Digestive Disease.
Using file encryption technology, hackers targeted servers known as network-attached storage (NAS) through vulnerability in the hardware made by Taiwanese firm Synology.
The perpetrators asked for a ransom to be paid in bitcoins worth US$350. Unless companies or individuals pay up, the data could be lost or misused by a third party.
Shodan founder John Matherly described the global hacking attack as a "very serious" incident. He said malicious people were getting better at writing software to extort money from the average user.
Antti Tikkanen, director of response at online security company F-Secure, said malware authors "have recently taken a liking" to Synology's NAS devices.