WannaCry

China pays for Windows XP addiction as 'WannaCry' hits

1 in 5 PCs still run the ancient, obsolete OS, so infections come as no surprise

12973123 10106415969507493 6982208931759200481 o
Credit: Michael Kan

The WannaCry ransomware has wormed its way into tens of thousands of Windows PCs in China, where Windows XP runs one in five systems, local reports said Monday.

More than 23,000 IP addresses in the People's Republic of China (PRC) show signs of infection, the country's National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT) told Xinhua, the state-run news agency, on Monday.

"Intranets in many industries and enterprises involving banking, education, electricity, energy, healthcare and transportation have been affected in different extents," CNCERT said.

The Hong Kong-based Southern China Morning Post upped the ante in its report Monday, claiming that tens of thousands of businesses and organizations had been hit by the ransomware, which has been dubbed "WannaCry" by most security experts, "WannaCrypt" by a few outliers.

The China National Petroleum Corporation (CNPC), for example, took some 20,000 gas stations offline early Saturday, forcing customers to pay in cash as credit card purchases could not be processed. By mid-day Sunday, some 20% of the stations were still disconnected from the Internet, but efforts were continuing to restore payment options, the company said in a statement.

It shouldn't have been a surprise that PCs in the PRC were hit hard by WannaCry: Although security experts have yet to identify the original infection vector, the ransomware spreads rapidly by exploiting Windows vulnerabilities in a baked-in file sharing protocol.

Microsoft patched the flaws in March when it issued MS17-010, one of its last-ever security bulletins. But because Microsoft only supports -- patches, in other words -- newer editions of its operating system, the 16-year-old Windows XP and the 5-year-old Windows 8 were not bolstered with the same fix.

China is at greater risk of attacks against unpatched Windows XP PCs than most countries because a larger percentage of the nation's systems run the obsolete OS than the global average.

According to Baidu, the PRC's largest search provider, 19% of all personal computers using its service last month were powered by Windows XP. That was almost double the share of Windows 10, but less than a third of the share of Windows 7.

Windows XP's worldwide share was about 7% in April, said U.S. analytics vendor Net Applications earlier this month, about one-fourth the share of Windows 10 and a seventh the share of Windows 7.

Over the weekend, Microsoft issued security updates for Windows 8, Windows Server 2003 and Windows XP, which had had been banished from the patch list one, two and three years ago, respectively. "This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind," Phillip Misner, a principal security group manager at the Microsoft Security Response Center (MSRM), said in a post to a company blog.

Misner's post included links customers can click to download the appropriate patch for their older PC or server. Newer versions of Windows can be inoculated against WannaCry by running Windows Update and applying all outstanding patches.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon