Nearly all WannaCry victims were running Windows 7

Roughly 98 percent of PCs hit by the ransomware attack were running Windows 7, says security firm Kaspersky Lab.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News, Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
Carrie Mihalcik
Watch this: Why the WannaCry cyberattack is so bad, and so avoidable

The WannaCry ransomware attack takes advantage of a vulnerability in out-of-date versions of Microsoft Windows. The worst hit so far: people using Windows 7 .

Over the past week, the world faced one of the worst cyberattacks ever, which struck hospitals, schools and businesses around the globe. The attack encrypted, or scrambled, the files on more than 300,000 computers in 150 countries and demanded victims pay ransom of at least $300.

Roughly 98 percent of infected PCs were running a version of Windows 7, according to data released Friday by security firm Kaspersky Lab. About 1.5 percent of infections hit 2008 R2 Server clients, while Windows XP infections were "insignificant," Costin Raiu, director of research for Kaspersky Lab, said in a tweet.

Windows 7 is still the most common version of Microsoft's software, even though it was originally released in 2009. Microsoft first released a patch for the vulnerability back in March, but many people clearly didn't update. Last week, the company issued rare patches for older versions of Windows it no longer formally supports to protect against the ransomware.

"Those who are running our free antivirus software or have Windows Update enabled are protected," said a Microsoft spokesperson in an emailed statement. Microsoft is directing customers to its security blog for more information.

Update, 4:07 p.m. PT: Adds comment from Microsoft.