A few weeks ago, when WannaCry ransomware caught half the world off guard, many were blaming the use of old Windows XP system for helping it spread.
One of the largest organization to fall victim to the ransomware was the UK’s NHS, and even they have many systems that still aren’t updated to some of the later versions of Windows. The patch for the new versions of Windows was released even before the attack, but XP is a version unsupported by Microsoft. Despite this, they released a patch even for this old system.
The problem is that it’s later discovered that around 98% of the ransomware victims have actually used Windows 7, and not XP. This doesn’t mean that XP versions weren’t attacked, but there were many cases of Windows XP versions crashing and displaying BSOD (Blue Screen of Death) after the ransomware tried to take control of them. These systems then required a hard reset in order to be useful again.
In order to see how will the systems behave when attacked by WannaCry, the researchers tested many different versions. Among those that were tested were Windows XP with Service Pack 2, Service Pack 3, as well as Windows 7 64 bit with Service Pack 1 and also Windows Server 2008 with Service Pack 1.
WannaCry was successfully installed in every attack on Windows 7 system, but many of the attacks on the Windows XP didn’t work as strongly as researchers expected. And the systems that were running Service Pack 2 weren’t infected at all.
Still, XP that had SP2 was affected, only not with the ransomware infection, but with continuous crashes and BSOD.
Researchers believe that these crashes were caused by WannaCry attempting to infect the system. Despite the fact that this must have been a very frustrating phenomenon to many organizations that used these systems, at least they didn’t have their data held for ransom. This still doesn’t mean that Windows XP is immune to the attacks. It can still be infected by attacks like WannaCry if it’s completely unpatched. In fact, systems that aren’t getting their updates are often the main targets for hackers and their malware.
Also, even though WannaCry has made a lot of problems to many organizations and countries around the world, its creators only managed to earn around $110,000 from those who decided to pay the ransom. That’s not a lot of money considering just how powerful and big this attack was.
It’s still unknown who was behind the attack since none of the hacker groups have claimed responsibility. While many researchers believe that the attack was the act of North Korean Lazarus Group, there are also theories that Chinese-speaking hackers are responsible.
Researchers came up with this theory after deeper analysis of the ransomware messages that were left in many different languages.
As previously mentioned, it’s still unknown who’s to blame for the WannaCry attack, and cyber security firms, as well as the authorities of many countries, continue their search for answers.