After all, the BSOD is also a useful feature!

Researchers at security firm Kryptos Logic have performed an extensive analysis of the well-known WannaCry ransomware.

One of the findings is really interesting (and funny!):

WannaCry can infect machines that still run Windows XP, but XP is so unstable, and crashes so often, that the infection fails to spread correctly.

In their sandbox, the researchers first manually executed WannaCry on a Windows 2008 machine, then tested propagation via the ETERNALBLUE exploit, with the payload delivered using DOUBLEPULSAR.

Here are the results:

  • Windows XP with Service Pack 2 — No infection
  • Windows XP with Service Pack 3 — Random blue-screen of death (BSOD) but no infection
  • Windows 7 64 bit with Service Pack 1 — Infected after multiple attempts
  • Windows Server 2008 with Service Pack 1 — Could not replicate infection, but reported exploited

Take a look at the full report on Kryptos Logic’s blog: