Ransomware hunters recently chanced upon a ransomware decryptor (opens in new tab) that supports the venerable Windows XP operating system.
Despite having its final release over a decade ago in 2008, Microsoft continued to support Windows XP for several more years, until it finally ceased this extended support in 2014. However it appears that many people still continue to use the defunct OS (opens in new tab) for everyday work, and since users continue to use Windows XP despite not having received security updates for several years, the OS is an easy target for threat actors.
The newly-discovered Avaddon ransomware decryptor is created specifically to decrypt Windows XP devices, and is proof that threat actors have tools to support the OS.
- Check out our roundup of the best endpoint protection software (opens in new tab)
- Here are the best disaster recovery services (opens in new tab)
- These are the best malware removal (opens in new tab) software on the market
Cost of support
However, supporting an old defunct OS isn’t as simple or straightforward as it may appear.
BleepingComputer talked to the CTO of anti-malware software developer, Fabian Wosar to understand the troubles that ransomware authors had to go through to ensure their decryptor works on Windows XP.
Wosar said that since the latest integrated development environments (IDE) (opens in new tab), such as Visual Studio (opens in new tab) 2019, no longer be used to compile software for Windows XP, the threat actors probably use an older version with an older compiler to package the app for Windows XP.
This will also limit the crypto libraries they can use since the decryptors assembled with older compilers won’t be able to unlock them.
In fact, the process, and cost in terms of labour and time, of supporting Windows XP is high enough to dissuade Wosar from supporting the OS with Emisoft’s decrypters.
- We've also highlighted the best antivirus (opens in new tab) solutions