Ransomware WannaCry Infected Almost Only Windows 7 PCs
Researchers have found out that WannaCry, a ransomware that wreaked havoc just recently, infected almost only computers running Windows 7, at least judging from early figures.
Roughly 98 percent of all computers that the ransomware hit were all running some version of Windows 7, with less than one in a thousand of targeted computers running Windows XP.
That's according to Kaspersky Lab, which released the data on Friday, May 19. Since more recent Windows versions aren't vulnerable to WannaCry, it adds up. Majority of PCs still run Windows 7 — it's the most common Windows platform, in fact, powering roughly four times as many devices as Windows 10 globally.
Windows XP's Role In WannaCry Fiasco 'Insignificant'
Yet the data is still a crucial element of the whole case, since it stresses that Windows XP only played a small role in the whole WannaCry affair and that its hit count is insignificant, according to Costin Raiu, Kaspersky Lab's director of global research and analysis. This too adds up in a different context, since Microsoft itself had said previously that Windows XP is less vulnerable than Windows 7 and Vista.
The data comes amid criticism over Microsoft's approach to releasing patches on older versions of its operating system. Microsoft had pushed out a public patch for Windows 7 long before the attack occurred, but the patch for Windows XP was only released as an emergency measure, with the damage already inflicted. Rumor has it that Microsoft had a patch ready but held it back because it wanted customers to pay up for technical support.
All told, it seems infected systems are slowly coming back up, thanks to a decryption tool that was recently released to unlock files sans ransom. Sloppy coding enabled researchers to discover that private encryption keys can be recovered from attacked systems, allowing users to reverse the damage.
WannaCry hit many systems, but hospitals in the UK in particular suffered significant damage, causing reported closures of entire wards. It clobbered Britain's public health system: doctors couldn't access patient files, and those who needed urgent care had been turned away.
WannaCry was distributed via email by a hacker group called Shadow Brokers. These emails contained an encrypted, compressed file that penetrated target systems upon loading. Beyond Europe, hospitals and telecommunication companies in Asia were also affected.
Hackers lifted WannaCry from the U.S. National Security Agency, who had originally called the vulnerability "EternalBlue." Shadow Brokers claims to have obtained several of NSA's hacking tools and has since been publishing them online.
WannaCry Fix: What You Should Do If You're Hit
If you've been hit by the ransomware, assuming your machine is running Windows XP to Windows 7 and, most importantly, if you haven't rebooted your system yet, you're in luck, as there's an easy fix to undo WannaCry's damage.
The fix is called wanawiki, from security researcher Benjamin Delpy. It scours a computer's memory for prime numbers, which it then uses to generate unlock keys for the encrypted files. But beware: restarting your machine could erase these prime numbers.