WannaCry Ransomware Hit Windows 7
Most of the machines hit by the WannaCry ransomware worm in the cyber-attack earlier in May were running Windows 7, security organizations suggest.
More than 97% of the infections seen by Kaspersky Lab and 66% of those seen by BitSight used the older software.
WannaCry started spreading in mid-May and, so far, has infected more than 200,000 computers around the world.
In the UK, some hospitals had to turn away patients as the worm shut down computer systems.
Many suggested that the reason UK hospitals suffered was that many of them still relied on programs that required Windows XP – a version of Microsoft’s OS that debuted in 2001.
But infections of XP by WannaCry were “insignificant”, said Costin Raiu from Kaspersky Lab.
Windows 7 was initially released in 2009, and the most widely infected version was the x64 edition, which is widely used in large organizations, figures from Kaspersky showed.
Many organizations seem to have been caught out because they failed to apply a patch, issued by Microsoft in March, that blocked the vulnerability which WannaCry exploited.
Spanish telecoms firm Telefonica, French carmaker Renault, German rail firm Deutsche Bahn, logistics firm FedEx, Russia’s interior ministry and 61 NHS organizations were all caught out by WannaCry.
After encrypting files, the WannaCry worm demanded a payment of £230 ($300) in bitcoins before they were unfrozen. So far, a reported 296 payments totaling $99,448 (£76,555) have been made to the bitcoin wallets attached to the ransomware.
There have been no reports that anyone who paid has had their data restored by the gang behind the attack.
Security experts also found that the worm spread largely by seeking out vulnerable machines on the Internet by itself. Before now, many thought it had got started via an email-based phishing campaign.
Adam McNeil, a senior malware analyst at Malwarebytes, said the worm was set up to look for machines vulnerable to a bug in a Microsoft technology known as the Server Message Block (SMB).
“The attackers initiated a procedure to hunt down susceptible public-facing SMB slots and, once located, used the newly available SMB exploits to deploy malware and propagate to other vulnerable machines within linked networks,” he wrote.
Mr McNeil said he suspected that whoever was behind the worm first identified a “few thousand” vulnerable machines, which were used as the launch platform for the much larger waves of infection.
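
The spreading behaviour described above, one machine seeking out many others over SMB, shows up in network flow records as a single source contacting many distinct hosts on TCP port 445 in a short time. The Python below is an added example, not part of the original article; the log format, the 60-second window, the threshold of 20 hosts and all flow records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 20                   # assumed limit on distinct SMB destinations

def parse(line):
    # Assumed record format: "<ISO timestamp> <src> <dst> <dst port>"
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source: peak distinct SMB destinations within any window}
    for every source whose peak reaches the threshold."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    peak = defaultdict(int)
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        if port != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop connections older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

def constructed_flows():
    """Constructed sample data, not captured traffic."""
    base = datetime(2017, 5, 12, 9, 0, 0)
    sec = lambda i: (base + timedelta(seconds=i)).isoformat()
    lines = []
    # Workstation using one file server repeatedly: ordinary SMB use.
    lines += [f"{sec(i)} 10.0.0.5 10.0.0.20 445" for i in range(40)]
    # One host sweeping 30 neighbours on 445 in 30 seconds: worm-like fan-out.
    lines += [f"{sec(i)} 10.0.0.66 10.0.1.{i + 1} 445" for i in range(30)]
    # Admin host reaching 30 servers, but five minutes apart: below the rate.
    lines += [f"{sec(300 * i)} 10.0.0.9 10.0.2.{i + 1} 445" for i in range(30)]
    # Busy client on another port: ignored by the SMB check.
    lines += [f"{sec(i)} 10.0.0.7 192.0.2.{i + 1} 443" for i in range(30)]
    return lines

if __name__ == "__main__":
    for src, n in smb_fanout(constructed_flows()).items():
        print(f"{src} contacted {n} distinct hosts on TCP/445 within {WINDOW}")
```

The window and threshold need tuning against a site's normal SMB traffic, since backup servers and management tools legitimately reach many hosts.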