Security

98% of WannaCry victims were running Windows 7, not XP

New data from Kaspersky Lab shows that almost all of the WannaCry/WannaCrypt ransomware worm victims were running some version of Windows 7.

While the original victims of the recent WannaCry epidemic were originally thought to be Windows XP users, new data from antivirus provider Kaspersky Lab shows that 98% of the victims were actually running Windows 7.

Costin Raiu, director of the global research and analysis team at Kaspersky Lab, released the firm's findings in a tweet on Friday. In the tweet, Raiu said that Windows 7 x64 was the worst hit of the versions, and the number of affected Windows XP systems was "insignificant."

windows7wc.jpg
Image: Kaspersky Lab

SEE: Why patching Windows XP forever won't stop the next WannaCrypt

What's more, in an interview with Ars Technica, Raiu said that most of the XP machines that were infected were likely done so on purpose for testing and evaluation. More data from BitSight also pointed to a low number of infected XP machines, but lists a smaller number of infected Windows 7 machines—67%.

While it is unclear what led to the Windows 7 vulnerability, many have posited that the victims may have missed a security patch Microsoft released in early 2017, accounting for a host of exploits made available by hacker group Shadow Brokers.

An intentional targeting of Windows 7 systems would have made sense, given the continuing popularity of the OS. An adoption trends survey by SpiceWorks released in April said that Windows 7 claimed 69% market share and 89% penetration rate.

wannacry.jpg
Zephyr18, Getty Images/iStockphoto

WannaCry first hit headlines on May 12, 2017, when it took down the UK's National Health Service (NHS). The attack spread rapidly, eventually affecting more than 300,000 PCs in multiple countries all over the world. The attack affected many organizations, but was especially prevalent in the healthcare industry.

While some steps have been taken to curb the attack, the business world still doesn't fully understand its long-lasting effects. It's also likely that there will be slightly different copycat attacks in the future.

Readers can find more information on how to defend themselves against WannaCry here.

The 3 big takeaways for TechRepublic readers

  1. Kaspersky Lab data show that 98% of WannaCry affected machines were actually running Windows 7, not XP.
  2. The reason behind the Windows 7 infection rates could have to do with a critical security patch issued in the spring of 2017 that some users may have missed.
  3. A SpiceWorks survey said that Windows 7 was the most popular Windows OS in terms of both market share and penetration, making it a clear victim for an attack like WannaCry.

Also see

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox