Ransomware hunters recently chanced upon a ransomware decryptor that supports the venerable Windows XP operating system.
Although Windows XP had its final release over a decade ago in 2008, Microsoft continued to support it for several more years, until it finally ceased this extended support in 2014. However, it appears that many people still use the defunct OS for everyday work, and since it has not received security updates for several years, the OS is an easy target for threat actors.
The newly-discovered Avaddon ransomware decryptor is created specifically to decrypt Windows XP devices, and is proof that threat actors have tools to support the OS.
Cost of support
However, supporting an old defunct OS isn’t as simple or straightforward as it may appear.
BleepingComputer talked to Fabian Wosar, the CTO of an anti-malware software developer, to understand the trouble ransomware authors had to go through to ensure their decryptor works on Windows XP.
Wosar said that since the latest integrated development environments (IDEs), such as Visual Studio 2019, can no longer be used to compile software for Windows XP, the threat actors probably use an older version with an older compiler to package the app for Windows XP.
This will also limit the crypto libraries they can use, since decryptors assembled with older compilers won’t be able to unlock them.
In fact, the process of supporting Windows XP, and its cost in terms of labour and time, is high enough to dissuade Wosar from supporting the OS with Emsisoft’s decryptors.