https://www.theverge.com/2017/5/19/15665488/wannacry-windows-7-version-xp-patched-victim-statistics One week after it first hit, researchers are getting a better handle on how the WannaCry ransomware spread so quickly — and judging from the early figures, the story seems to be almost entirely about Windows 7. According to data released today by Kaspersky Lab, roughly 98 percent of the computers affected by the ransomware were running some version of Windows 7, with less than one in a thousand running Windows XP. 2008 R2 Server clients were also hit hard, making up just over 1 percent of infections. Windows 7 is still by far the most common version of Windows, running on roughly four times as many computers as Windows 10 worldwide. Since more recent versions of Windows aren’t vulnerable to WannaCry, it makes sense that most of the infections would hit computers running 7. Still, the stark disparity emphasizes how small of a role Windows XP seems to have played in spreading the infection, despite early concerns about the outdated operating system. The new figures also bear on the debate over Microsoft’s patching practices, which generated significant criticism in the wake of the attack. Microsoft had released a public patch for Windows 7 months before the attack, but the patch for Windows XP was only released as an emergency measure after the worst of the damage had been done. The patch was available earlier to paying Custom Support customers, but most XP users were left vulnerable, each unpatched computer a potential vector to spread the ransomware further. Still, Kaspersky’s figures suggest that unpatched XP devices played a relatively small role in the spread of the ransomware. Some help is already arriving for systems infected by WannaCry. Because of sloppy coding, researchers have found that private system encryption keys can often be recovered from infected machines, allowing users to undo the damage done by the ransomware. A researcher from Quark Security has published an automated tool to manage that process, which should work for Windows 7, XP, Vista, and other affected versions.
As of Wednesday, half of all internet addresses corrupted globally by WannaCry were located in China and Russia, with 30 and 20 percent of infections, respectively, according to data supplied by threat intelligence firm Kryptos Logic. By contrast, the United States accounts for 7 percent of WannaCry infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said. Only 309 transactions worth around $94,000 appear to have been paid into WannaCry blackmail accounts by Friday (1345 GMT), sevens days after the attack began. That's just under one in 1,000 of the estimated victims. This may reflect a variety of factors, security experts say, including scepticism that attackers will honor their promises or the possibility that organizations have back-up storage plans allowing them to recover their data without paying ransom.
One theory on the reason for unpatched machines is that patches break proprietary software. I wonder if that is it or is it just IT incompetence?
Way overblown scare stories. Anyone behind a proper hardware firewall is safe, as long as one does not install malicious code through dubious apps or clicks on content in emails or on websites that can infect a local machine. That malicious code cannot make its way on its own through a proper configured hardware firewall.