Though WannaCry was one of the most serious malware attacks ever, some old Windows systems surprisingly eluded infection.
That’s the finding of Kryptos Logic, a company which develops cybersecurity solutions.
On May 12, WannaCry ransomware attacked computers running Microsoft Windows operating systems worldwide, wreaking havoc by targeting a vulnerability referred to as Server Message Block.
The problem for users and IT people was that it encrypted their data – making it inaccessible – then demanded ransom in Bitcoin to get access back.
Within 24 hours or so, it had infected over 200,000 systems in over 150 countries, including major financial, telecom and health organizations. The attack was effectively stopped by May 15 when an Internet security researcher at MalwareTech discovered a so-called “kill switch.”
Windows XP largely spared
It was initially thought that some of the most vulnerable computers were those running the oldest Windows operating systems. In particular, those running Windows XP, which debuted back in 2001 and one that Microsoft had stopped supporting.
But, as it turns out, Windows XP wasn’t that vulnerable.
A version of Windows 7 “was successfully infected,” Kryptos Logic said in a blog post. But “it was found that… Windows XP hosts kept blue-screening and rebooting without any infection occurring.”
“Blue screening” refers to a Windows system crash, where the user sees a blue error screen and then the system shuts down.
The blog added that since the main means of infection was the Server Message Block, “it seems like XP did not contributed [sic] much to the total infection counts.”
And there’s other data to back this up.
On May 22, Costin Raiu, director of the global research and analysis team at Kaspersky Lab, released findings on the WannaCry infection, as reported by TechRepublic. "Worst hit - Windows 7 x64. The Windows XP count is insignificant,” Raiu said in a tweet.
Microsoft issued a "critical" security patch on March 14 to address the vulnerability on supported versions of Windows but many organizations neglected to install it.
“While it is unclear what led to the Windows 7 vulnerability, many have posited that the victims may have missed a security patch Microsoft released in early 2017, accounting for a host of exploits made available by hacker group Shadow Brokers,” said TechRepublic.