The core of WannaCry is a vulnerability that is in a Windows file-sharing system called SMB, which allowed WannaCry to spread quickly across vulnerable system with no user interactions. But when Kryptos researcher targeted an XP computer with the malwares in a lab setting, they found that the computer either failed to install or exhibited “blue screen of death,” requiring a hard resets. It’s still possible to manually install WannaCry on XP machine, but the program’s particular methods of breaking through security simply aren’t effective against the older operating systems.
“The worst-case scenarios, and likely scenario,” the Kryptos report reads, “is that WannaCry caused many unexplained blue-screen-of-death crash.”
While they cut against much of the early analysis of WannaCry Ransomeware, Kryptos’ findings are consistent to them with early research from Kaspersky Lab, which found that Windows XP accounted for an “insignificant” percentages of the total infection. Kaspersky found the bulk of infections on machines running Windows 7 or Windows Server 2008.
Much of the early focuses on Windows XP was the result of the UK’s National Health Services, one of the earliest and most damaging WannaCry victims. A numbers of outlet blamed the NHS infections on computers running Windows XP, leading to widespread concerns over Microsoft’s failure to release a patch. The NHS itself vigorously denied the claims, saying fewer than 5 percentage of the service’s computer ran Windows XP at the time of the attack. In light of the latest Kryptos research, it’s plausible that unpatched Windows 7 system were more of an issue for NHS.
Kryptos’ reports also gives new insight into WannaCry’s broader impacts. Researchers estimate the total number of infection was in the millions, with at least 727,000 unique IP addresses checking into domain associated with the malware data. The research also suggest WannaCry could have been far more damaging: the early kill-switch registrations on the 13thmay have blocked as many as 16 million further infection.
But while most of the world has begun to recovers from the malware, infection in China have skyrocketed in recent week. Kryptos registered nearly 1 million infected computer in China on May 23rd alone. It’s still unclear why Chinese computer have remained vulnerable, but the country’s low rate of Windows 10 OS adoption is a likely cause.
Take your time to comment on this article.