About two-thirds of the internet-connected computers sidelined by last week’s unprecedented ransomware attack were running outdated versions of Microsoft’s Windows 7 operating system at the time of infection, according to a new report.
The so-called “WannaCry” virus wreaked havoc around the world in recent days by primarily infecting vulnerable Windows 7 computers connected to the internet, security ratings firm BitSight told Reuters on Friday.
An analysis of 160,000 internet-connected computers infected with WannaCry suggests 67 percent were running Windows 7 without the latest security updates, Reuters reported, citing BitSight’s findings.
Once compromised, those vulnerable computers provided WannaCry’s perpetrators with a gateway into an unknown number of Windows systems the world over as the virus wormed its way from machine to machine by exploiting a Microsoft vulnerability affecting multiple operating systems.
About 15 percent of the internet-connected computers infected with WannaCry were running Windows 10, Microsoft’s most recent operating system, while the remainder were running previous versions including Windows 8.1, 8, XP and Vista, according to BitSight.
While the precise number of computers compromised by WannaCry remains unknown, previous reporting has suggested the ransomware attack claimed over 200,000 victims in at least 150 countries, including Britain’s national health care system, Russia’s central bank and Nissan’s automotive factory in Sunderland, England.
Microsoft released security updates for its newest operating systems in March meant to patch the critical vulnerability exploited by WannaCry’s authors, meaning affected entities may have avoided catastrophe had they updated their systems in the two months prior to last week’s attack.
“There are plenty of reasons people wait to patch, and none of them are good,” Ziv Mador, a security researcher at Trustwave’s Israeli SpiderLabs and a former Microsoft researcher, told Reuters.
Microsoft released Windows 7 in 2009, and it is currently installed on less than half the world’s Windows PCs, according to Reuters. Microsoft released Windows 8 in 2012 and Windows 10 in 2015.
The U.K. National Health Service (NHS), arguably the highest-profile victim of last week’s cyberattack, has since admitted that a number of its computers were running Windows XP at the time of infection, a 15-year-old operating system abandoned years ago by Microsoft and brimming with bugs.
According to BitSight, however, XP hardly helped propagate the worm within the NHS: Windows XP computers infected with WannaCry crash before the virus can spread, BitSight told Reuters.