Ransomware gangs are stuck supporting Windows XP

Windows XP reached end of support as early as 2014, which means the operating system no longer receives security updates from Microsoft and is no longer secure.

Undeniably, a small number of users still run this old system. The proportion is very low, but that still amounts to millions of users.

In industrial control especially, the usage rate of this old operating system may be higher. Stability matters most to industrial control companies, so they do not upgrade.

This situation has led security researchers to a rather amusing discovery: some ransomware gangs develop decryption tools customized for Windows XP.

The researchers recently discovered a mysterious ransomware decryptor. To use it, a victim needs the key provided by the ransomware team.

After a targeted analysis, the researchers found that this decryptor was developed for Windows XP and that the development packages it used were all old versions.

Other decryption tools are built with modern development tools and have relatively good compatibility, so why would ransomware gangs develop a customized version?

The researchers said this may be because the ransomware team found that its decryption tool lacked support for the old system, so it needed to develop an additional tool for it.

The underlying reason is naturally the need to give Windows XP users a decryptor. After all, if someone has actually paid the ransom, the gang has to decrypt the files.

Researchers said that development tools such as VS 2019 no longer support Windows XP, so ransomware developers must use VS 2017 and old compilers.

The problem is that using the latest C++ features requires a new version of the compiler, but new compiler versions do not support the old Windows XP.

For example, when the ransomware development team wants to use the CRYPTO library, Windows XP is not supported at all, so they have to use other methods to stay compatible with the old system.

Ransomware gangs likely develop the customized old version for reputational reasons: if a victim pays the ransom and does not obtain the key, the gang's credibility may suffer.

Fewer victims might then be willing to pay the ransom, which would affect the gangs' revenue, so they are forced to develop additional decryption tools.
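A defender triaging such a sample can check which Windows version a binary was built for by reading its PE header. The following is an added example, not code from the article or the researchers; it assumes the subsystem version in the PE optional header is the indicator (the article does not say how the researchers established the XP target), and the function names and sample header bytes are constructed for illustration.

```python
import struct

XP_MAX = {0x10B: (5, 1), 0x20B: (5, 2)}  # NT version of XP: 32-bit is 5.1, x64 is 5.2

def pe_build_info(data: bytes) -> dict:
    """Return linker and minimum-OS fields from a PE image's optional header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = pe_off + 4 + 20                               # skip signature and COFF header
    if len(data) < opt + 52:
        raise ValueError("truncated optional header")
    magic, link_major, link_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in XP_MAX:
        raise ValueError("unknown optional header magic")
    os_ver = struct.unpack_from("<HH", data, opt + 40)      # Major/MinorOperatingSystemVersion
    subsys_ver = struct.unpack_from("<HH", data, opt + 48)  # Major/MinorSubsystemVersion
    return {
        "linker": (link_major, link_minor),
        "os_version": os_ver,
        "subsystem_version": subsys_ver,
        # The loader rejects images whose subsystem version exceeds the running OS.
        "header_allows_xp": subsys_ver <= XP_MAX[magic],
    }

def build_sample(linker, subsystem) -> bytes:
    """Constructed PE32 headers only (no sections or code), for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)    # e_lfanew points to offset 64
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, *linker)
    struct.pack_into("<HH", opt, 40, *subsystem)
    struct.pack_into("<HH", opt, 48, *subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Constructed values: an XP-targeted build (5.1) and a modern default build (6.0).
    samples = {"xp_targeted": build_sample((14, 16), (5, 1)),
               "modern_default": build_sample((14, 29), (6, 0))}
    for name, blob in samples.items():
        print(name, pe_build_info(blob))
```

The header only tells you what the loader will accept; a binary can still fail on XP if it imports APIs that the old system lacks.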

Via: bleepingcomputer