Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows XP Computers Were Mostly Immune To WannaCry (theverge.com)

Posted by BeauHD on from the contrary-to-popular-belief dept.

An anonymous reader quotes a report from The Verge: Windows XP isn't as vulnerable to the WannaCry ransomware as many assumed, according to a new report from Kryptos research. The company's researchers found that XP computers hit with the most common WannaCry attack tended to simply crash without successfully installing or spreading the ransomware. If true, the result would undercut much of the early reporting on Windows XP's role in spreading the globe-spanning ransomware. The core of WannaCry is a vulnerability in a Windows file-sharing system called SMB, which allowed WannaCry to spread quickly across vulnerable systems with no user interaction. But when Kryptos researchers targeted an XP computer with the malware in a lab setting, they found that the computers either failed to install or exhibited a "blue screen of death," requiring a hard reset. It's still possible to manually install WannaCry on XP machines, but the program's particular method of breaking through security simply isn't effective against the older operating system. The worst-case scenario, and likely scenario," the Kryptos report reads, "is that WannaCry caused many unexplained blue-screen-of-death crashes." While they cut against much of the early analysis of WannaCry, Kryptos' findings are consistent with early research from Kaspersky Lab, which found that Windows XP accounted for an "insignificant" percentage of the total infections. Kaspersky found the bulk of infections on machines running Windows 7 or Windows Server 2008.

3 of 58 comments (clear)

  1. Re:Cool, but still not worth it by CaptainDork · · Score: 4, Informative

    Use a registry hack to tell your XP that it's an embedded computer, much like an ATM or POS:

    Windows XP registry hack keeps security updates rolling for the dead operating system

    --
    It little behooves the best of us to comment on the rest of us.
  2. It's a lack of installing updates. by viperidaenz · · Score: 4, Informative

    The majority of the spread was caused by Windows 7 machines, several months after security updates were released.

    In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.

    https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

    Release March 14: Microsoft Security Bulletin MS17-010 - Critical

    1. Re:It's a lack of installing updates. by Anonymous Coward · · Score: 1, Informative

      Found the Microsoft shill.