Why WannaCry might make Microsoft cry in China

China’s reliance on illegitimate software means it was hit even harder than the west

Friday 12 March, 2017 will long be remembered by cybersecurity professionals around the world. On this day, the now infamous WannaCry ransomware epidemic began to worm its way around PCs and servers across the planet. It was aptly named, considering the mayhem it caused as organisations were forced to pull the plug. But while news on the campaign has reached saturation point, one strand is worth investigating further.

Chinese organisations are said to have been disproportionately affected by the ransomware blitz. Why? Because of an age-old reliance on pirated and unsupported software, which left them more exposed to the attacks. While WannaCry may not change those habits in the short term, it could yet accelerate Beijing’s long-mooted migration away from Microsoft.


Lights out

The WannaCry attacks are said to have used two NSA exploits publicly revealed by a Kremlin-linked hacking group – the Shadow Brokers – to infect machines and then spread through organisations like wildfire. The main vulnerability exploited (MS17-010) was patched by Microsoft back in March, but crucially only for supported operating systems. That means if you were running XP, for example, you would not have been protected from the initial onslaught, although Microsoft eventually broke with protocol and publicly issued a patch for those users too. Those running pirated software would likewise have been unable to take advantage of security updates.

All of which brings us to China. We all know the country is overwhelmingly Microsoft-dependent: as of April, Windows had just under 93% of the desktop OS market. But according to the most recent stats from the Business Software Alliance, the rate of unlicensed software in the country stood at a staggering 70% in 2015, at a cost of $8.7 billion. Ouch. How about unsupported software? Some stats claim XP still has an 11% share of the market, but the figure could be as high as 19%, according to Baidu data sourced by Computerworld. That’s double the share of Windows 10 and more than double the global average of 7%.

Yet surely these trends apply only to consumers, you might think. Not so, according to reports of WannaCry infections at major Chinese multinationals (China Telecom, PetroChina) and prestigious universities (Tsinghua Uni). The threat also spread to other industries including banking, electricity, energy, healthcare and transportation, according to CNCERT.

While infection with WannaCry isn’t cast-iron proof that an organisation was running an outdated or unsupported software version – after all, it may simply have been slow to patch – it would explain the severity of the outbreak in the Middle Kingdom. Reports from the state TV broadcaster claimed over 40,000 organisations were hit, with one in five petrol pumps taken offline, according to the China National Petroleum Corporation.

Chinese IP addresses were the source of about 8% of global WannaCry-related traffic detected by Finnish cybersecurity firm F-Secure over the weekend, the firm told me. However, the firm claims to have limited visibility into China, so the real number could be much higher.


Microsoft in trouble?

This is exactly what Microsoft didn’t need in China – another reason for the government to seek home-grown alternatives to its products.

“The WannaCry situation will almost certainly validate China's concerns,” F-Secure security advisor, Sean Sullivan explained to me.

The truth is that, unlike the flashy smartphones toted by a rapidly growing affluent middle class, computer software has never been seen as a sexy status symbol in China. That feeds into a culture where many consumers are reluctant to pay for it. Yet even in organisations that should know better, anecdotal evidence suggests pirated and unsupported software – mainly Microsoft – abounds. Is this going to change anytime soon? Not likely – and that could spell bad news for Redmond.

Microsoft has had a shaky relationship with the Chinese government for many years. Beijing was not amused when Redmond signalled its intent to end support for XP, trying to get the computing giant to change its mind. Microsoft refused but did offer free upgrades. However, this seems not to have placated Beijing, which has a long-term goal of national self-reliance in IT. In fact, the government even announced a bizarre ban on Windows 8 a few years back, despite continuing to buy Win7 licences. Then there’s the antitrust investigation launched in early 2016.

Microsoft has bent over further by recently producing a specialised version of Windows 10 for government use there. But it’s still unlikely to change the long-term picture. The Edward Snowden-leaked revelations over NSA interference in US-made products were a PR dream come true for Beijing, and it still uses security concerns to justify weaning itself off foreign products. The likeliest candidate to eventually fill that role is the Linux-based NeoKylin, often described as an “XP rip-off”. It’s likely that WannaCry will only harden China’s resolve to move away from Microsoft, even if its own preoccupation with outdated and pirated software may ultimately have been to blame.

