After being affected by the notorious Wannacry ransomware over the last week, millions of victims around the world regretted using older versions of Windows, or not applying a patch that Microsoft had released in March to fix a vulnerability exploited by the malware.
While WannaCry is still evolving, people so far have been largely unaware about its reach, except for knowing that it targets nearly all Windows versions released before Windows 10.
One week after Wannacry started its global online rampage, security researchers now have a better understanding of how the ransomware spread so quickly, ensnaring over 300,000 computers in more than 150 countries.
While the focus so far has been mostly on computers running Windows XP, a set of newly released figures by Kaspersky Lab has revealed that almost all WannaCry victims were, in fact, running Windows 7.
#WannaCry infection distribution by the Windows version. Worst hit - Windows 7 x64. The Windows XP count is insignificant. pic.twitter.com/5GhORWPQij
— Costin Raiu (@craiu) May 19, 2017
According to data released by the cyber-security firm, about 98 percent of the affected computers were running some version of Windows 7 while just over 1 percent of infections were related to 2008 R2 Server clients. The Windows XP count, on the other hand, was "insignificant," the researchers said.
A recent market share statistics of desktop operating systems revealed that Windows 7 is still the most common version of Windows. It also accounts for nearly half of all OS platforms running on computers worldwide.
Since Microsoft has already confirmed that more recent versions of Windows aren't vulnerable to WannaCry, it's quite obvious that most of the infections would affect Windows 7-powered computers.
There's an easy fix, but with a catch
Although an accidental "kill switch" has significantly slowed down the WannaCry ransomware's spread, the threat is not completely over as copycat hacks and variations of the malware continue to pop up.
While security firms are working on to block the ransomware once and for all, a fix called "Wanakiwi" has been developed for a specific subset of WannaCry victims using Windows XP to Windows 7. It should also be noted that the tool works on infected computers that have not been rebooted since they were hit by WannaCry.
Actually, wanakiwi from Benjamin Delpy (@gentilkiwi) works for both Windows XP (x86 confirmed) and Windows 7 (x86 confirmed). This would imply it works for every version of Windows from XP to 7, including Windows 2003 (x86 confirmed), Vista and 2008 and 2008 R2.
Wanakiwi is based on French researcher Adrien Guinet's similarly named "Wannakey" tool, which removes the encryption key from the affected system's memory by injecting a decryption code to restore the encrypted data. The tool, however, works only on computers running on Windows XP.
Another French researcher Benajmin Delpy later updated Guinet's tool with Wanakiwi so the fix could support Windows 7 as well. Affected users just need to download the tool and run it on their infected machine.
Once users run the programme, it automatically scans a computer's memory for prime numbers — the foundation of encryption — and uses them to generate unlock keys for encrypted files. The reason it probably won't work on rebooted computers is that prime numbers may get erased after restarting a computer.
So if you are a WannaCry victim and haven't rebooted your computer since becoming infected, the Wanakiwi tool is definitely the only go-to solution available, if you don't want to pay up the ransom while also not willing to lose your files.
