Windows 7 PCs Account For 98 Percent Of All WannaCry Infections (tr)

Hot Hardware ^ | May 21, 2017 | Paul Lilly

[dayglored]

For a quick minute, it looked as though a strain of ransomware that was seemingly stolen from the United States National Security Agency (NSA) was going to be a major problem for PCs around the world, and in particular Windows XP systems. Microsoft even made the unusual move of releasing an emergency patch for Windows XP even though it stopped supporting the legacy OS a long time ago. But now a week after the initial WannaCry outbreak it's been discovered that Windows 7 PCs were the hardest hit.

A researcher for Kaspersky Lab posted a message on Twitter saying "the Windows XP count is insignificant," adding that Windows 7 took the brunt of the ransomware's activity. When looking at the overall infection rate, various builds of Windows 7 collectively accounted for more than 98 percent of PCs to be hit by WannaCry.

Source: Kaspersky/Costin Raiu

Also referred to as WannaCrypt, WCry, and a handful of other names, WannaCry made headlines after quickly spreading tens of thousands of PCs in dozens of countries in just a few hours. The ransomware infiltrated several hospitals in the United Kingdom, some of which had to turn down patients and send staff home because the systems they rely on (and store patient records on) had been hijacked.

WannaCry is believed to be one of several cyber tools that was previously swiped from the NSA and leaked to the web by an Italian hacking group. What made WannaCry especially nasty is that it was able to spread in a worm-like fashion across networks. However, the threat was relatively short lived.

A security researcher noticed that WannaCry was pinging a specific domain, one that was not registered. In an attempt to learn more about the ransomware, he registered the domain with intention of observing its activity. In doing so, he inadvertently neutralized the outbreak. As it turns out, the malware's author coded in a so-called kill switch, presumably in case he ever wanted to stop it from spreading. The way it worked is WannaCry would check to see if a specific domain was active before getting busy encrypting an infected system. If it determined the domain was active, it would stop what it was doing.

According to Elliptic, WannaCry has only collected a little more than $100,000 in Bitcoin. While not exactly chump change, it had the potential to collect much more, except for a combination of the discovery of the kill switch, owners of infected PCs opting to wipe their system clean, and the presence of a tool on GitHub that can help people recover data on infected systems.

[dayglored]

> ..the priorities and funding for such a huge undertaking would arise from elsewhere

Good point; there is always the "ya gotta dance with them whut brung ya" effect.

> The only reason I'm singleing out MS in my comment here is that they're the topic.

"Topic? TOPIC??? This is FreeRepublic -- We don't need no steeenkin' topic!"

You're quite right, of course; threads do tend to wander...

> I'm actually having fun with it too, and learning.

That's great! My daughter just earned her BS in CompSci and is eagerly looking forward to working in software engineering. She started playing on my CompuAdd 286 with Win3.11 when she was just a couple years old, built her first dual-boot system (WinXP/Linux) at 12, and part-timed doing IT support while she was earning the degree. She appears to have taken her ol' man's advice to pursue a career at something you have fun doing; that way you can get somebody to pay you for having a good time. :-)

May you enjoy the same good fortune I have in that regard.

[dayglored]

> My son tweaked my W7 for me so that I don’t get the W10 nags and I can still get any updates that come along. I think my Malwarebytes might have caught the wannacry. It froze up my computer a couple of days before that came out and put a note on the screen to shut it down after doing a particular procedure that shut down background stuff I wasn’t even aware was running then said for me to leave it off until 0600, about 7 hours later. I did it like that and it is running a lot faster since. I really don’t know what that was all about and am just guessing because of the timing.

That's very interesting. I don't know whether the stuff Malwarebytes was responding to was WannaCry or something else, but MalwareBytes is a terrific product and I trust their products to do the right thing.

[arthurus]

I was a faithful user of McAfee for years but got bit by a virus about once a year. Then my son introduced me to MBytes Free and I switched to that. I have not had any virus in 6 years. I did finally buy the Mbytes when I got an offer at $14.99 for life. That was much more satisfying than McA's $39.99 a year.

I got one of those ransomware things way back (W2000) before I had heard the term. It was one telling me my machine was infected by billions of virii and I had to send them $99.99 to buy their antivirus fixer. I fought through their dozens of popups and tweaked settings with my son on the phone until it all just went away.