By Gregg Keizer
May 16, 2017
Credit: Michael Kan
The WannaCry ransomware has wormed its way into tens of thousands of Windows PCs in China, where Windows XP runs one in five systems, local reports said Monday.
More than 23,000 IP addresses in the People's Republic of China (PRC) show signs of infection, the country's National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT) told Xinhua, the state-run news agency, on Monday.
"Intranets in many industries and enterprises involving banking, education, electricity, energy, healthcare and transportation have been affected in different extents," CNCERT said.
The Hong Kong-based Southern China Morning Post upped the ante in its report Monday, claiming that tens of thousands of businesses and organizations had been hit by the ransomware, which has been dubbed "WannaCry" by most security experts, "WannaCrypt" by a few outliers.
The China National Petroleum Corporation (CNPC), for example, took some 20,000 gas stations offline early Saturday, forcing customers to pay in cash as credit card purchases could not be processed. By mid-day Sunday, some 20% of the stations were still disconnected from the Internet, but efforts were continuing to restore payment options, the company said in a statement.
It shouldn't have been a surprise that PCs in the PRC were hit hard by WannaCry: Although security experts have yet to identify the original infection vector, the ransomware spreads rapidly by exploiting Windows vulnerabilities in a baked-in file sharing protocol.
Microsoft patched the flaws in March when it issued MS17-010, one of its last-ever security bulletins. But because Microsoft only supports -- patches, in other words -- newer editions of its operating system, the 16-year-old Windows XP and the 5-year-old Windows 8 were not bolstered with the same fix.
China is at greater risk of attacks against unpatched Windows XP PCs than most countries because a larger percentage of the nation's systems run the obsolete OS than the global average.
According to Baidu, the PRC's largest search provider, 19% of all personal computers using its service last month were powered by Windows XP. That was almost double the share of Windows 10, but less than a third of the share of Windows 7.
Windows XP's worldwide share was about 7% in April, said U.S. analytics vendor Net Applications earlier this month, about one-fourth the share of Windows 10 and a seventh the share of Windows 7.
Over the weekend, Microsoft issued security updates for Windows 8, Windows Server 2003 and Windows XP, which had had been banished from the patch list one, two and three years ago, respectively. "This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind," Phillip Misner, a principal security group manager at the Microsoft Security Response Center (MSRM), said in a post to a company blog.