BEIJING Chinese local authorities from traffic police to industry regulators were hobbled on Monday by a massive global ransomware attack, but the spread of the WannaCry worm in the country appeared less aggressive than initially feared.
Dozens of local Chinese authorities said they had suspended some of their services due to the attack that has disrupted operations at car factories, hospitals, shops and schools around the world.
However, officials and security firms said the spread was starting to slow in the country, which has the world's largest number of Internet users.
"The growth rate of infected institutions on Monday has slowed significantly compared to the previous two days," said Chinese Internet security company Qihoo 360.
"Previous concerns of a wide-scale infection of domestic institutions did not eventuate."
Qihoo has previously said the attack had infected close to 30,000 organizations by Saturday evening. Of that, over 4,000 were educational institutions.
An official from Cybersecurity Administration China (CAC) told local media on Monday that while the ransomware was still spreading and had affected industry and government computer systems, the spread was slowing.
China remained a major source of attack from infected computers, at least during the Asian day, said Michael Gazeley, managing director of Network Box, a Hong Kong-based cybersecurity firm.
At about noon (0400 GMT), nearly 47 percent of attacks on Network Box's clients came from China. This would change, Gazeley said, as Europe and U.S. computers are turned on, but it indicated the scale of the problem there.
Chinese government bodies from transport, social security, industry watchdogs and immigration said they had suspended services ranging from processing applications to traffic crime enforcement.
It's not clear whether the services were suspended due to attacks or for emergency patching to prevent infection. Even then, adding a patch was no simple task, experts said.
"If a system supports some kind critical processes those systems typically are very hard to patch... We don't have a precedent from something of this scale (in China)," said Marin Ivezic, a cybersecurity expert at PwC in Hong Kong.
Affected bodies included a social security department in the city of Changsha, the exit-entry bureau in Dalian, a housing fund in Zhuhai and an industry watchdog in Xuzhou.
The ransomware, which has locked up over 200,000 computers in more than 150 countries, has been mainly spread by e-mail, and in China has hit schools and colleges, energy giant PetroChina's (601857.SS) payment systems and local government.
Security experts say most infected computers appear to be systems running out-of-date operating systems, or machines that are hard to patch without affecting crucial operations in areas like healthcare or manufacturing.
Beijing has said previously it is a victim of hacking, although the United States has accused it of cyber attacks on U.S. government computer systems.
China is also set to implement a tougher new cyber security law from June 1, designed to strengthen critical infrastructure, even as many global tech firms and lobbies say that its cyber rules skew the playing field against foreign firms.
(Additional reporting by Cate Cadell in Singapore; Writing by Adam Jourdan; Editing by Raju Gopalakrishnan)