Kaspersky report says Windows 7 was most affected OS due to WannaCry

Victims were warned that their files would be deleted within days if they did not pay up using Bitcoin, the world's biggest virtual currency.

According to the data, 60.35 percent devices running on Windows 7 x64 were hacked, followed by 31.72 percent on Windows 7, 3.67 percent on Windows 7 Home x64 Edition and 2.61 percent on Windows 7 Home.

Based on Guinet's findings, another security researcher named Benjamin Delpy has created 'WanaKiwi', a tool that can unlock WannaCry infected systems.

The WannaCry ransomware cyberattack infected more than 230,000 computers in 150 countries. The reason it probably won't work on rebooted computers is that prime numbers may get erased after restarting a computer.

At present, network security companies, including Kaspersky, are developing more effective means of fighting the WannaCry virus and decoding maliciously encrypted files, and relevant information will be released in a timely manner, Kaspersky said. Wanawiki needs to run because the ransomware's prime numbers can be overwritten. The WannaKey decryption tool is available for free and works on Windows XP operating system.

Europol confirmed on Twitter its European Cybercrime Centre had tested the tool and found it "to recover data in some circumstances".

"Nevertheless, the presence of this vulnerability appears to be the most significant factor that caused the outbreak", it said.

"The infection wave is far from being over", he wrote.

Roughly 98 percent of all computers that the ransomware hit were all running some version of Windows 7, with less than one in a thousand of targeted computers running Windows XP.

In addition to Windows 7, 1.5% of the victims of WannaCry were users of Windows Server 2008, the server version of this operating system.

Researchers also disclosed that unlike most ransomware variants, WannaCry doesn't seem to have spread via malicious email attachments, with a number of security firms saying they were unable to find a single infected email message. As a result, the WannaCry ransomware worm was able to use the SMB flaw to spread quickly throughout organizations. The patch blocked the vulnerability exploited by WannaCry. "The code is capable of targeting vulnerable machine by IP address and attempting exploitation via SMB port 445". That exploit was revealed when the Shadow Brokers hacking group released a trove of data stolen from the NSA in April.

  • Zachary Reyes