WannaCry exploited vulnerabilities in Windows believed to have been found in recently leaked NSA files. The issues were patched by Microsoft in March as part of the company’s monthly automatic security updates.
Because of this, fully updated machines were not impacted by the ransomware. WannaCry could only successfully hijack systems without the March security update installed. In most instances, WannaCry managed to take control of networks because administrators had delayed the installation of the patches, leaving their PCs at risk for longer.
READ MORE: HTC debuts the first squeezable smartphone
This wasn’t the case in every territory though. As Engadget reports, Finnish cybersecurity firm F-Secure has found evidence that WannaCry’s rapid proliferation was aided by pirated Windows copies. The ransomware was most successful in China and Russia, two countries with above-average distributions of illegal software.
Windows installations that aren’t verified as genuine are prevented from accessing Windows Update. Microsoft enforces this so it can pressure pirates into paying for the software if they want to stay safe. In this instance, the stipulation may have helped to enable the worldwide spread of a serious ransomware because of the number of pirated Windows copies in use.
A survey from The Software Alliance published earlier in the year reveals a staggering 70 percent of Chinese computer users do not own a license for their software. In Russia, piracy is similarly widespread with 64 percent of machines running non-genuine installations. In these countries, large companies and financial institutions also run pirated software, making them easy targets for attacks like WannaCry.
WannaCry should act as a wake-up call that highlights the risks of running illegally sourced software. Researchers are sceptical it will have any real impact though. Because piracy is so prolific in some regions of the world, any significant movement towards purchasing licenses would represent a major shift in the area’s digital culture.
“The only way I see this changing things is if the central government [in China] decides there is a risk to critical infrastructure from this threat and force people to buy legitimate software,” cybersecurity advisor Thomas Parenty said to The New York Times. “I don’t see that happening right now.”
The creators of WannaCry are still unknown and the malware is continuing to spread around the world. So far, over $50,000 has been paid into the Bitcoin wallet used to collect ransoms. The money hasn’t been moved on or withdrawn. Authorities are vigilantly watching for any changes that could help to trace the perpetrators.
An earlier “kill-switch” found in the ransomware which disabled the software over the weekend has now been removed by its creators, enabling WannaCry to gain traction again. There’s currently no known method to decrypt files. Cybersecurity experts worldwide are working to crack the code and develop a solution for affected organisations but there’s no word on when it will be ready.