If reports from China are accurate, the country's often-bootlegged and under-patched Windows installations are being hit hard by the WannaCrypt ransom-worm.
While the rest of the world seems to be enjoying some respite from the attacks, after researchers found and activated a kill switch in the original code, Xinhua reported on May 15 that machines behind 18,000 IP addresses had been infected by the software nasty in the country.
That number came from China's CERT, which added that it believed computers behind nearly 5,500 more IPs were "likely" infected, mostly in "Beijing, Shanghai and coastal provinces such as Guangdong and Zhejiang."
Hong Kong-based South China Morning Post reckons the number is much higher, claiming there are 30,000 infections.
That report says WannaCrypt is hitting China's university sector particularly hard, based on reports from Qihoo 360's Threat Intelligence Center.
The SCMP report says 20,000 service stations owned by China National Petroleum could only accept cash after the attack, with this Sunday statement from the company detailing the extent of the attack. ®