Windows XP computers were mostly immune to WannaCry
Windows XP isn’t as vulnerable to the WannaCry ransomware as many assumed, according to a new report from Kryptos research.
The company’s researchers found that XP computers hit with the most
common WannaCry attack tended to simply crash without successfully
installing or spreading the ransomware. If true, the result would
undercut much of the early reporting on Windows XP’s role in spreading
the globe-spanning ransomware.
The core of WannaCry is a vulnerability in a Windows
file-sharing system called SMB, which allowed WannaCry to spread quickly
across vulnerable systems with no user interaction. But when Kryptos
researchers targeted XP computers with the malware in a lab setting,
they found that the malware either failed to install or the machine exhibited a
“blue screen of death,” requiring a hard reset. It’s still possible to
manually install WannaCry on XP machines, but the program’s particular
method of breaking through security simply isn’t effective against the
older operating system.
“The worst-case scenario, and likely scenario,” the
Kryptos report reads, “is that WannaCry caused many unexplained
blue-screen-of-death crashes.”
While they cut against much of the early analysis of WannaCry, Kryptos’ findings are consistent with early research from Kaspersky Lab,
which found that Windows XP accounted for an “insignificant” percentage
of the total infections. Kaspersky found the bulk of infections on
machines running Windows 7 or Windows Server 2008.
Much of the early focus on Windows XP was the result of
the UK’s National Health Service, one of the earliest and most damaging
WannaCry victims. A number of outlets
blamed the NHS infections on computers running Windows XP, leading to
widespread concern over Microsoft’s failure to release a patch. The NHS
itself vigorously denied the claim,
saying fewer than 5 percent of the service’s computers ran Windows XP
at the time of the attack. In light of the latest Kryptos research, it’s
plausible that unpatched Windows 7 systems were more of an issue for
the NHS.
In the days after the attack, Microsoft drew significant criticism
for its failure to issue a public patch to protect Windows XP against
WannaCry. Microsoft stopped issuing public security patches for XP when
it deprecated the operating system in 2014, but paying Custom Support
users could still get patches directly from the company, including the
patch protecting against WannaCry. Microsoft ultimately issued an emergency patch to protect XP against the core vulnerability, although it’s unclear how much of a difference the patch made.
The Kryptos report doesn’t rebut all of Windows XP’s
security issues. Systems can still be infected by a direct installation
of the WannaCry malware, and the general vulnerability is still very
much an issue for anyone running an unpatched version of the system.
Beyond this specific malware, XP is still vulnerable to dozens of
attacks that have popped up in the years since support was discontinued.
In the case of WannaCry, however, XP’s tendency to crash when presented
with unusual code seems to have provided an unlikely protection against
the ransomware attack.
Kryptos’ report also gives new insight into WannaCry’s
broader impact. Researchers estimate the total number of infections was
in the millions, with at least 727,000 unique IP addresses checking into
domains associated with the malware. The research also suggests
WannaCry could have been far more damaging: the early kill-switch registration on the 13th may have blocked as many as 16 million further infections.
But while most of the world has begun to recover from the
malware, infections in China have skyrocketed in recent weeks. Kryptos
registered nearly 1 million infected computers in China on May 23rd
alone. It’s still unclear why Chinese computers have remained
vulnerable, but the country’s low rate of Windows 10 adoption is a
likely cause.
Source: The Verge