The WannaCry (or WannaCrypt) ransomware hack that impacted businesses worldwide was most successful on Windows 7 computers. It was believed that computers running older systems were most vulnerable to the ransomware attack. That turned attention to systems like Windows XP and Vista, still in use on a large number of computers today. The Windows Defender of Windows 7, released in 2009, protects only against spyware, which WannaCry is not. It’s ransomware, which is a relatively new creation. Windows Defender for Windows 8.1.
Skip to main content/
Welcome to WIRED UK. This site uses cookies to improve your experience and deliver personalised advertising. You can opt out at any time or find out more by reading our cookie policy.
Main Content
Advertisement
Two security companies, Kaspersky Lab and BitSight, have said their analysis of the malware shows that the majority of devices hit were actually running Windows 7. More than 97 per cent of the infected machines globally were running a version of the 7 operating system, Kaspersky Lab said.
Wanna Cry Doublepulsar Windows 7 64-bit
Costin Raiu, the director of global research and analysis at Kaspersky, said the number of machines running Windows XP was 'insignificant' and Windows 7 x64 was the most infected version of the operating system.
![Doublepulsar Doublepulsar](/uploads/1/2/4/3/124386714/986999183.jpg)
![Wannacry Doublepulsar Windows 7 Wannacry Doublepulsar Windows 7](/uploads/1/2/4/3/124386714/872537831.png)
Raiu told ArsTechnica UK that the infected Windows XP machines were likely manually infected by their owners for testing purposes.
The figures from Kaspersky are based on the machines its own software runs on, however, the claim that Windows 7 was the most infected operating has been corroborated by security firm BitSight. The US-based firm told Reuters that it had analysed 160,000 computer and found that 67 per cent of infected machines were running Windows 7.
Advertisement
In order to see this embed, you must give consent to Social Media cookies. Open my cookie preferences.
The ransomware, which demands a $300 Bitcoin payment, was first seen spreading around the internet in the middle of May and infected hundreds of thousands of machines around the world. The NHS was one of the largest organisations to be hit, with at least 40 hospitals in 24 NHS trusts impacted.
Advertisement
Before the analysis had taken place, the spread of the WannaCry ransomware was largely blamed upon computers running on Windows XP. Microsoft even went as far as to release a rare patch for Windows XP. Both operating systems are vastly outdated: Windows 7 was first released in 2009, while XP was released in 2001 and within the UK, the government stopped paying for additional security support in 2015.
Subsequent inspection of the WannCry ransomware by Malwarebytes said it had spread through a worm, rather than the phishing emails, as was originally expected.
'Our research shows this nasty worm was spread via an operation that hunts down vulnerable public facing SMB ports,' Malwarebytes wrote. '[It] then uses the alleged NSA-leaked EternalBlue exploit to get on the network and then the (also NSA alleged) DoublePulsar exploit to establish persistence and allow for the installation of the WannaCry Ransomware'.