One week after it first hit, researchers are getting a better handle on how the WannaCry ransomware spread so quickly — and judging from the early figures, the story seems to be almost entirely about Windows 7.
According to data released today by Kaspersky Lab, roughly 98 percent of the computers affected by the ransomware were running some version of Windows 7, with less than one in a thousand running Windows XP. 2008 R2 Server clients were also hit hard, making up just over 1 percent of infections...
Tweet
— Twitter API (@user) View on Twitter
Read more: Almost all WannaCry victims were running Windows 7 - The Verge
See also: Microsoft - Customer Guidance for WannaCrypt attacks - Windows 10 Forums
Reposting this here, in case someone needs it:
So there's a possibility to get your encrypted files back...for some....
WannaDecrypt your files? The WannaCry solution, for some - Malwarebytes Labs | Malwarebytes Labs
The decryptor is only going to work if you haven’t restarted the infected system and you haven’t killed the ransomware process (should be wnry.exe or wcry.exe) so please don’t restart or kill the process if you want to get those files back!
Moreover credible evidence linked here that the worm would not even function on XP. Kinda funny.
Over 98% of All WannaCry Victims Were Using Windows 7
Because the majority of computers in business environments are Windows 7...
Not surprising, as most desktops (worldwide) are running W7.
Also MS' has behaviour has guaranteed this outcome:
- The GWX fiascos encouraged lots of users to disable Windows Update
- To make sure WU wasn't turned back on MS switched to cumulative updates
- For additional insurance they made sure that everyone knew cumulative updates contained modified telemetry
Which proves the fact that hacker's mostly go after the lrager market share. When windows 10 does? overcome windows seven, then perhaps they will target it.
Henry.
You deny that those events happened:
- GWX was a fiasco (and there was the W10 "malware installer" popup incident too)
- MS switched to cumulative updates for W7 and the W8 Series
- Those updates contained changes to the Telemetry system (which is one of the major sources of continuing controversy regarding W10)
I forgot to include some other reasons why people might be refusing to update their PCs:
- MS breaking W7 updating for ~6 months (endless search for updates, which mysteriously started just as W10 was about to be released)
- The Windows Update CPU blocking debacle (which not only blocks Ryzen and Kaby Lake, but also AMD Carrizo):
We already talked about some "old generation" processors being caught in the crossfire before. Windows users reported that PCs with AMD Carrizo processors were blocked from installing updates even though that should not have happened according to Microsoft.
It was clear then that Microsoft screwed up the identification of processors. Now, a story on Infoworld highlights that AMD Carrizo systems are not the only ones caught in the crossfire.
Woody reports cases of Dutch computer users whose machines were updated-blocked by Microsoft.
The processors of these machines? A nearly decade old Intel Pentium Dual Core E5400 2.70GHz CPU, and a Celeron J1900 from 2013. There is even a report from another user who got updated-blocked by Microsoft after replacing a graphics card with an AMD Radeon RX480. If true, it would suggest that the detection cannot even get that right, or includes graphics cards as well in determining which customers to serve with updates, and which to block even though Microsoft did not mention that at all.
Quote
