Windows 7 PCs Account For 98 Percent Of All WannaCry Infections (tr)

Hot Hardware ^ | May 21, 2017 | Paul Lilly

[dayglored]

For a quick minute, it looked as though a strain of ransomware that was seemingly stolen from the United States National Security Agency (NSA) was going to be a major problem for PCs around the world, and in particular Windows XP systems. Microsoft even made the unusual move of releasing an emergency patch for Windows XP even though it stopped supporting the legacy OS a long time ago. But now a week after the initial WannaCry outbreak it's been discovered that Windows 7 PCs were the hardest hit.

A researcher for Kaspersky Lab posted a message on Twitter saying "the Windows XP count is insignificant," adding that Windows 7 took the brunt of the ransomware's activity. When looking at the overall infection rate, various builds of Windows 7 collectively accounted for more than 98 percent of PCs to be hit by WannaCry.

Source: Kaspersky/Costin Raiu

Also referred to as WannaCrypt, WCry, and a handful of other names, WannaCry made headlines after quickly spreading tens of thousands of PCs in dozens of countries in just a few hours. The ransomware infiltrated several hospitals in the United Kingdom, some of which had to turn down patients and send staff home because the systems they rely on (and store patient records on) had been hijacked.

WannaCry is believed to be one of several cyber tools that was previously swiped from the NSA and leaked to the web by an Italian hacking group. What made WannaCry especially nasty is that it was able to spread in a worm-like fashion across networks. However, the threat was relatively short lived.

A security researcher noticed that WannaCry was pinging a specific domain, one that was not registered. In an attempt to learn more about the ransomware, he registered the domain with intention of observing its activity. In doing so, he inadvertently neutralized the outbreak. As it turns out, the malware's author coded in a so-called kill switch, presumably in case he ever wanted to stop it from spreading. The way it worked is WannaCry would check to see if a specific domain was active before getting busy encrypting an infected system. If it determined the domain was active, it would stop what it was doing.

According to Elliptic, WannaCry has only collected a little more than $100,000 in Bitcoin. While not exactly chump change, it had the potential to collect much more, except for a combination of the discovery of the kill switch, owners of infected PCs opting to wipe their system clean, and the presence of a tool on GitHub that can help people recover data on infected systems.

[dayglored]

[Dayglored puts on his tin-foil hat.]

So ... if you were Microsoft, and you were in cahoots with the NSA, and you wanted to scare the bejesus out of customers who were still using Windows 7 so that they would switch in fear to Windows 10, what might you do?

[Dayglored takes his tin-foil hat back off.]

The real reason Windows 7 was hit hardest was that Windows 10 FORCES THE UPDATES ON YOU. And in this case, it was demonstrably a Good Thing.

So, Windows 7 users, have you (we) learned your (our) lesson? : DO YOUR D@MN UPDATES!!

(Or switch to Windows 10 where Microsoft does them for you...)

(Or switch to Linux or Mac, where you ALSO have updates...)

[dayglored]

WannaCry Update ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

[rockinqsranch]

I have been hit multiple times on my W-7 PC with such obvious phishing attempts I had to laugh. I just don’t open anything that even looks the least bit out of the ordinary. If I screw up I’m better off having deleted than otherwise opened up the door to suffering the consequences.

[rockinqsranch]

Further to previous post: Mostly they have been phony messages using FEDEX, Google, and Microsoft in subject lines that I believe to be obvious phishing expeditions trying to get me to click on them.

[qam1]

So, Windows 7 users, have you (we) learned your (our) lesson? : DO YOUR D@MN UPDATES!!

If Windows 7 updates were real updates instead of your boss forcing tray icons & pop ups to update to Windows 10, we wouldn't have to turn automatic updates off.

[MUDDOG]

And wonder why they don’t get in my door.

[TomGuy]

from Microsoft TechNet:

Customer Guidance for WannaCrypt attacks

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

and

Microsoft Security Bulletin MS17-010 - Critical

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

[The 2nd link above links to all of the Windows updates for various versions, including Windows 7.]

==

I ran the Win7-64bit version a few days ago. It did mess up my Sandboxie sandbox, so I had to upgrade the Sandboxie to the latest version. So far, I have not noticed any other problems.

[RayChuang88]

That's why you need to run the Patch Tuesday updates as soon as possible. In fact, the March 2017 security updates for Windows 7/8.x/10 corrected this specific vulnerability.

[dayglored]

Precisely!

[Fred Hayek]

My e-mail provide shunts those into a bulk mail folder.

[soycd]

At the very least, turn off the microShaft SMB crap if you do nothing else...

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

And if you feel lucky, use their update ...

kb4012212.msu

[doorgunner69]

Just got a phony Amazon notice that I had cancelled an order. Dunno, but my spam filter caught it.

Easy to see it was a fraud from the goofy sender ID.

[Boomer]

Just switch to one of the many versions of Linux and be done with it.

[Still Thinking]

Actually, I fear that Microshaft will put something in an update that proactively breaks W7 to coerce you onto 10. It’s not that far removed from what they already did.

[minnesota_bound]

I did the updates a week or so ago. It said I did not run updates since November 2016. Since then the first batch was near 700mb and a 2nd batch done yesterday was about 150mb more. Windows 7 must be swiss cheese to hackers.

[867V309]

Really tired of your MS BS.

[BestPresidentEver]

Win 7 is better than the current versions. So naturally that one gets hit.

[arthurus]

Maybe MSFT is the origin, pushing folks to go to W10.Just a thought.

[Bob434]

nuttin like a good old macrium reflect backup of windows to ensure your computer is up and running quickly- ransomeware? Pfffft- whatever- reinstall your backup in about 20 minutes and good to go-

I also love a program called RollBackRX which is even quicker than restorign from a full raw backup- it will restore your computer even if it won’t start- the boot menu includes the RollBackRX menu which allows you to choose a restore point to before the infection- Very cool- for htose using windows, epsecially older versions, i would highly recommend RollBackRX OR macrium Reflect- but prefer RollBackRX-

cost is around $60 usually, but can be got for around $30 during sales- WELL worth hte money- saved my computer many times- don’t even have to worry about experimenting with programs anymore- if they hose something- just do a rollback- takes about 10 minutes or so- and just a few clicks- very easy to use-

[OldMissileer]

Actually, I fear that Microshaft will put something in an update that proactively breaks W7 to coerce you onto 10. It’s not that far removed from what they already did.

From what I read quite some time ago they rolled up their updates and included all the key logging and spyware from Win10 into the update packages for Win7. I have basically stopped my updates and just tread lightly surfing the Internet.