The WannaCry ransomware attacks are understood to have resulted in data being encrypted on around 300,000 computers in 150 countries. The attackers took advantage of unpatched software, exploiting a vulnerability in Microsoft Server Message Block 1.0 (SMBv1) using the EternalBlue exploit stolen from the NSA and published online by the hacking group Shadow Brokers.
While Microsoft had released a patch for the vulnerability (MS17-010) in March, many organizations had been slow to apply it and were vulnerable to attack.
However, the bulk of infected computers were running older operating systems for which a patch had not been released. Data released by Kaspersky Lab shows that in the vast majority of cases, it was organizations with Windows 7 machines that had data encrypted. Kaspersky Lab says 95% of infected devices were running Windows 7, with 60% of infected machines running Windows 7 x64.
In the aftermath of the attack, there was talk of companies running Windows XP being affected. Windows XP support ended three years ago, with patches no longer issued to address vulnerabilities. However, Kaspersky’s analysis shows that the attackers were not targeting Windows XP devices; instead, the worm code only worked with Windows 7 and Microsoft 2008 servers.
That’s not to say that Windows XP devices were unaffected, only that the attack did not result in data being encrypted. Windows XP users may have experienced system crashes but the ransomware could not encrypt data on the devices. That said, Microsoft did issue a patch for Windows XP and also Windows Server 2003 as a precaution. In theory, the attackers could have also targeted those older operating systems.
Kaspersky Lab’s analysis clearly demonstrates that poor patch management and continued use of outdated operating systems are a recipe for disaster. If vulnerabilities are not addressed, it will only be a matter of time before they are exploited. Since extended support for Windows 7 will soon end, any company that has not yet upgraded should do so as a priority.