Specifically, we talk about ransomware creators and tools to decrypt files that they themselves encrypt Despite having been without support for seven years, the 0.84% of users Windows continues using Windows XP, this figure being double that of Windows Vista. In turn, there is still a dangerous 18.63% of users still using Windows 7, despite the fact that it stopped having support in January 2020.
Windows XP gets support… from virus writers
Among the reasons for using such an old operating system is that there may be compatibility issues with software that only works on older systems. The problem is that these computers are used even with Internet connections, giving rise to all kinds of hacks and attacks, such as ransomware.
One way to take advantage of an unpatched operating system is to use a vulnerability to introduce a ransomware, encrypt the files, and wait for the infected person to pay the ransom for decrypting the files. The problem is that, to be able to recover them, cybersecurity and antivirus companies develop decryption tools, and therefore they have to dedicate efforts and resources to maintain compatibility with Windows XP.
Ransomware and Decryption Tool – Created with Visual Studio 2017
This also has to be done by the creators of the malware themselves. When they create ransomware, they also have to create a ransomware decryption tool that allows the hacked to decrypt the data. In order to develop it, they need to use Visual Studio 2017 and a computer with windows xp (It can be through a virtual machine), since Visual Studio 2019 does not allow compiling for Windows XP anymore.
This prevents them from enjoying the latest C ++ features, and so they have to create two decryption tools using the latest version of Visual Studio, as well as the version of Visual Studio 17, investing twice the resources.
Ransomware is one of the most dangerous malware that we can find on the Internet, since it can make us lose all our data forever. The only way to recover them is to use a decryption tool launched by a cybersecurity company, since paying a ransom is never a good idea because the attacker may have lost the email account to which the payment confirmation must be sent, as well as the attacker can directly ignore it, keep the money, and not give neither the key nor the tool.