China issued a nationwide cybersecurity alert on Monday in the wake of global WannaCry "ransomware" attacks that left tens of thousands of computers compromised and showed up gaping holes in the online security practices of higher education institutes, experts said.
The enterprise-security division of anti-virus software provider Qihoo 360 said 29,372 institutions ranging from government offices to universities, ATMs and hospitals had been “infected” by the outbreak, including around 4,000 universities and research institutions.
However, the country's Cybersecurity Administration said the spread of the malware was believed to be slowing on Monday, although Chinese government bodies from transport, social security, industry watchdogs and immigration said they had suspended services ranging from processing applications to traffic crime enforcement in the wake of the attacks.
A computer expert in the southern Chinese province of Guangdong surnamed Gao told RFA on Monday that the spread of the malware was exacerbated by the fact that some institutions had disabled their own firewalls.
"Sometimes the institutional firewalls make the computers very slow, so sometimes they are switched off," Gao said. "Sometimes the government sends out directives warning [them] about this."
Sang Young, cybersecurity expert at the Internet Society's local chapter, agreed, saying that the attack had highlighted gaping holes in the cybersecurity of many Chinese educational institutions.
"A lot of the technical colleges in mainland China are directly linked to the internet, which is to say that they use their real IP addresses, so it's very easy for the virus to find them," Young said.
"Here in Hong Kong, a lot of companies are hidden behind firewalls, or wifi routers, which has the same effect."
Ransomware attack
The attack comes as China gears up to implement a tough new cybersecurity law from June 1, which critics say discriminates against overseas service providers.
Among government agencies affected were a social security department in the central city of Changsha, the exit-entry bureau in northeastern Dalian, a housing fund in southern Zhuhai and an industry watchdog in eastern Xuzhou, Reuters reported.
The attack encrypts infected machines, before demanding ransom payments of U.S.$300-600 to unlock them again, using the digital currency Bitcoin.
The Cyberspace Administration warned Chinese computer users to install and upgrade computer security software to avoid further attacks.
Xinhua news agency said that some 18,000 IP addresses in China have been confirmed as infected with the "WannaCry" ransomware, citing the National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT).
"Intranets in many industries and enterprises involving banking, education, electricity, energy, healthcare and transportation have been affected in different extents," it said, quoting experts as saying that reinstalling the operating system is one way of dealing with the problem.
"The growth rate of infected institutions on Monday has slowed significantly compared to the previous two days," Chinese Internet security company Qihoo 360 said in a statement.
"Previous concerns of a wide-scale infection of domestic institutions did not eventuate."
However, China remained a major source of attack from infected computers, according to a Hong Kong-based cybersecurity company.
Michael Gazeley, managing director of Network Box, said nearly half of the attacks on Network Box's clients came from China.
Reported by Goh Fung for RFA's Cantonese Service, and by the Mandarin Service. Translated and edited by Luisetta Mudie.