It now appears, the leading contributor to the virally spreading infection were Windows 7 machines that hadn't installed a critical security patch Microsoft issued in March.
The Kaspersky figures are illuminating because they show Windows 7 x64 Edition, which is widely used by large organizations, being infected close to twice as much as Windows 7 versions mostly used in homes and small offices.
"Developing a well-crafted campaign to identify just... a few thousand vulnerable machines would allow for the widespread distribution of this malware on the scale and speed that we saw with this particular ransomware variant," Malwarebytes Senior Malware Intelligence Analyst Adam McNeil wrote.
According to Secdo researcher Gil Barak: Based on these findings, we suspect that the scope of the damage is much greater than previously thought and that there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April...
To read full article - https://goo.gl/VLbP8N