Windows XP, resistant to WannaCry ransomware

Contrary to popular belief, Windows XP is not vulnerable to WannaCry ransomware. According to reports published by Kryptos Research, the company’s researchers found that rumors about the ransomware’s spread and agent are not true after attacking computers running Windows XP in a lab environment.

This ransomware attacks vulnerable systems without user intervention by exploiting a vulnerability in the Windows SMB file sharing system. When researchers at Cryptos exposed a Windows XP computer to this ransomware, without installing or spreading it, the ransomware simply crashed and displayed a Blue Screen of Death that required a hard reboot. Although it is still possible to manually install this ransomware on Windows XP computers, there is no way to install it automatically in the way that the ransomware spreads itself on this old operating system. In the worst case scenario, this ransomware could cause a large-scale Blue Screen of Death on Windows XP computers.

Although the Kryptos investigation questioned many of the initial analyses, as Kaspersky stated after its initial investigation, Windows XP was the least affected by the ransomware. Kaspersky found that computers running Windows 7 and Windows Server 2008 were the most affected. Initial reports suggested that Windows XP was vulnerable due to the focus on the UK National Health Service (NHS) systems, and that Microsoft had not released a patch. The NHS later denied these rumors, stating that only 5% of its operational computers were running XP at the time of the ransomware attack.

Although Microsoft stopped releasing security patches for Windows XP in 2014, users can still request and receive such patches directly from Microsoft because of support services. Microsoft did release a security patch, but it is unclear what difference it makes. The Kryptos report does not deny all security issues with XP. Systems can still be seriously damaged if WannaCry ransomware is installed directly. Furthermore, Windows XP can still be vulnerable to thousands of attacks that are being developed.

The Cryptos report has new information about the WannaCry ransomware and its spread, including that 727,000 new IP addresses have been added to the malware’s infected domains. The security firm predicts that the malware could be even more destructive, infecting 16 million more systems. In recent weeks, the number of infected systems in China has skyrocketed. Cryptos infected 1 million computers in China alone on May 23. It is still unclear why Chinese computers remain vulnerable. The country’s low adoption of Windows 10 may be a reason for this.