Move by @malwaretechblog came too late for Europe and Asia, but people in the US “ve been given” more time to develop immunity to the attack
An accidental hero has halted the global spread of the WannaCry ransomware that has wreaked havoc on organizations including the UKs National Health Service( NHS ), FedEx and Telefonica.
A cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, discovered and implemented a kill switch in the malicious software that was based on a cyber-weapon stolen from the NSA.
The kill switch was hardcoded into the malware in case the creator wanted to stop it from spreading. This involved a very long nonsensical domain name that the malware makes a request to just as if it was looking up any website and if the request coming through and shows that the domain is live, the kill switch takes effect and the malware stops spreading.
Of course, this relies on the creator of the malware registering the specific realm. In this case, the creator failed to do this. And @malwaretechblog did early this morning( Pacific Time ), halting the rapid proliferation of the ransomware.
They get the accidental hero awarding of the day, said Proofpoints Ryan Kalember. They didnt realise how much it was likely slowed down the spread of this ransomware.
The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected. But it committed people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember.
The kill switch wont help anyone whose computer is already infected with the ransomware, and and its possible that there are other variances of the malware with different kill switches that will continue to spread.
The malware was made available online on 14 April through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of cyber weapons from the National Security Agency( NSA ).
Ransomware is a type of malware that encrypts a users data, then demands pay in return for unlocking the data. This attack was caused by a flaw called WanaCrypt0r 2.0 or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch( a software update that set the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.
The ransomware demands users pay $300 merit of cryptocurrency Bitcoin to retrieve their files, although it was warns that the pay will be raised after a certain amount of hour. Translations of the ransom message in 28 speeches are included. The malware spreads through email.
This was eminently predictable in lots of ways, said Ryan Kalember from cybersecurity firm Proofpoint. As soon as the Shadow Brokers dump “re coming out” everyone[ in the security industry] realized that a lot of people wouldnt be able to install a patch, especially if they used an operating system like Windows XP[ which many NHS computers still use ], for which “they dont have” patch.
Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 74 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefnica were infected.
By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.