98% of WannaCry ransomware victims were Windows 7 users

The cyber attack using WannaCry ransomware was launched a little earlier than a week ago now[1], and analysis and research by cyber security experts bring more and more facts to the table. After all the debates whether North Korea[2] is behind the cyber attack or not attempts to find out whether it is Microsoft, U.S. National Security Agency, or hackers to blame for the infamous WannaCryptor ransomware attack[3], there are some good and interesting news we can share. Researchers managed to create WannaCry decryptor already[4], which works with all Windows versions vulnerable to this dangerous virus’ attack. However, research by Kaspersky reveals that the majority of Wana Decrypt0r 2.0 victims are Windows 7 users.

The majority of WannaCry victims were running Windows 7

According to the analysis by Kaspersky[5], over 98% of all reported WannaCry infections affected computers running Windows 7 OS, including 7 Home, 7 x64 Edition and 7 Home x64 Edition. Statistics show that the absolute majority of victims were using Windows 7 x64 Edition OS, scoring a whopping 60.35% of all affected Windows versions. 31.72% of all affected Windows OS goes to Windows 7 version. The analysis shows that only less than 2% of victims were using other affected OS versions, such as Windows 2008 R2. Although the table includes Windows 10 with only 0.03%, users shouldn’t think that this operating system is vulnerable to the WannaCry’s attack. This number appeared on the table due to testers and manual infections (for instance, for malware analysis). These statistics refute the popular belief that the ransomware mostly affected computers running Windows XP OS. On May 19, 2017, Costin Raiu, who is the director of Global Research and Analysis Team at Kaspersky Lab, shared a tweet saying that “The Windows XP count is insignificant.”

It is believed that the distribution of the original ransomware has significantly slowed down due to a fast response by IT security specialists and extensive media coverage. However, nowadays we see dozens of fake copies of the infamous ransomware, including Wana Decrypt0r 3.0. It seems that wannabe cybercriminals are trying to create identically-looking ransomware viruses to trick victims into paying the ransom. However, the vast majority of these WNCRY imitations do not even encrypt the data on the compromised computers. Therefore, we advise victims infected with such or similar ransomware identify the virus version before taking any actions.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions