No, Windows XP didn’t fuel WannaCry
The global WannaCry attack that started 10 days ago touched just a handful of Windows XP PCs, a security expert said Monday, contradicting the narrative that the aged OS was largely responsible for the ransomware’s crippling impact.
“There were no real WannaCry infections of Windows XP,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team, in an interview Monday. “We’ve seen only a handful of cases, less than a dozen, and it looks like most of them were testers [self-infecting systems].”
Raiu’s claim countered an assertion made by virtually every media report and blog post published after “WannaCry” emerged June 12. Countless news stories blamed Windows XP, which Microsoft retired three years ago, for falling victim to the attack because the vulnerability that WannaCry exploited had not been patched in the obsolete OS.
Rather than take aim at Windows XP, WannaCry targeted Windows 7 and Windows Server 2008, Kaspersky’s data showed. The vast majority — 98.4% — had put the crosshairs on Windows 7, which remains the world’s most popular edition. To come up with that figure, Kaspersky tallied the WannaCry detections its security software logged — and blocked — on various versions of Microsoft’s operating system.
The reason for XP’s absence from the WannaCry count was simple. “WannaCry itself did not support Windows XP,” Raui said, noting that the exploit neither focused on XP or reliably worked on the 2001 operating system. Individual machines could be infected — the researchers and testers who put WannaCry on Windows XP systems likely ran it manually — but the worm-like attack code would not spread from an XP PC, and in some cases, executing the exploit crashed the computer.