‘Accidental hero’ finds kill switch to stop spread of ransomware cyber-attack

Move by @malwaretechblog came too late for Europe and Asia, but people in the US have been given more time to develop immunity to the attack

An accidental hero has halted the global spread of the WannaCry ransomware that has wreaked havoc on organizations including the UK's National Health Service (NHS), FedEx and Telefónica.

A cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, discovered and implemented a kill switch in the malicious software that was based on a cyber-weapon stolen from the NSA.

The kill switch was hardcoded into the malware in case the developer wanted to stop it from spreading. It involved a very long, nonsensical domain name that the malware makes a request to, just as if it were looking up any website. If the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

Of course, this relies on someone registering that specific domain. In this case, the developer failed to do so, and @malwaretechblog did early this morning (Pacific Time), halting the rapid proliferation of the ransomware.
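The mechanism described above, and the caveat later in the article that registering the domain does nothing for machines that are already infected, can be made concrete in a few lines. The following is an added example written for this page, not code from the article or from the researchers it quotes: it models the kill-switch decision with a pluggable resolver (so it runs offline) and then triages a constructed DNS resolver log from a defender's point of view. KILL_SWITCH_DOMAIN is a placeholder, not the real domain; the resolver functions, the 192.0.2.10 sinkhole address and the log lines are all constructed.

```python
"""Model of the WannaCry kill-switch check, plus a defender's triage of DNS logs.

Added example for this article; not code from the article or from the researchers
it quotes. KILL_SWITCH_DOMAIN is a constructed placeholder, not the real domain,
and the resolvers and log lines below are constructed for illustration.
"""
from collections import defaultdict
from typing import Callable, Dict, List, Optional

# Placeholder standing in for the long, nonsensical domain the malware looks up.
KILL_SWITCH_DOMAIN = "long-nonsensical-killswitch.example"

Resolver = Callable[[str], Optional[str]]


def kill_switch_engaged(domain: str, resolve: Resolver) -> bool:
    """The decision the article describes: if the lookup shows the domain is
    live (it resolves to an address), the kill switch takes effect and the
    malware stops spreading. Otherwise it carries on."""
    return resolve(domain) is not None


def resolver_before_registration(name: str) -> Optional[str]:
    """Before anyone registered the domain, every lookup failed (NXDOMAIN)."""
    return None


def resolver_after_registration(name: str) -> Optional[str]:
    """After registration the domain resolves to the registrant's sinkhole.
    192.0.2.10 is from the documentation range and is constructed here."""
    return "192.0.2.10" if name == KILL_SWITCH_DOMAIN else None


# Constructed resolver log: timestamp, client IP, record type, name, response code.
SAMPLE_DNS_LOG = f"""\
2017-05-12T13:02:11Z 10.0.0.5 A {KILL_SWITCH_DOMAIN} NXDOMAIN
2017-05-12T13:02:12Z 10.0.0.5 A www.example.com NOERROR
2017-05-12T13:05:40Z 10.0.0.9 A {KILL_SWITCH_DOMAIN} NXDOMAIN
2017-05-12T18:44:03Z 10.0.0.17 A {KILL_SWITCH_DOMAIN} NOERROR
2017-05-12T18:50:00Z 10.0.0.21 A mail.example.com NOERROR
"""


def hosts_querying(log: str, domain: str) -> Dict[str, List[str]]:
    """Map each client that looked up `domain` to the response codes it got.

    Any client that queried the kill-switch domain at all executed the malware,
    so registering the domain did not protect it. The response code only says
    what happened next: NXDOMAIN means the check failed and the worm kept
    spreading from that host; NOERROR means the sinkhole was live and it stopped.
    """
    hits: Dict[str, List[str]] = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        _ts, client, _rtype, name, rcode = parts
        if name.lower().rstrip(".") == domain.lower():
            hits[client].append(rcode)
    return dict(hits)


def triage(log: str, domain: str) -> Dict[str, List[str]]:
    """Bucket infected clients by whether the kill switch was live when they checked.

    Both buckets need incident response; the first also needs its neighbours checked,
    because the malware was free to spread from those hosts."""
    buckets: Dict[str, List[str]] = {
        "infected_spread_unchecked": [],
        "infected_spread_halted": [],
    }
    for client, rcodes in sorted(hosts_querying(log, domain).items()):
        if "NXDOMAIN" in rcodes:
            buckets["infected_spread_unchecked"].append(client)
        else:
            buckets["infected_spread_halted"].append(client)
    return buckets


if __name__ == "__main__":
    print("before registration, engaged:",
          kill_switch_engaged(KILL_SWITCH_DOMAIN, resolver_before_registration))
    print("after registration, engaged:",
          kill_switch_engaged(KILL_SWITCH_DOMAIN, resolver_after_registration))
    for bucket, clients in triage(SAMPLE_DNS_LOG, KILL_SWITCH_DOMAIN).items():
        print(f"{bucket}: {', '.join(clients) or '-'}")
```

The design point is the one the article makes: the sinkhole is a population-level brake on spreading, not a cure. In the constructed log, all three hosts that queried the domain ran the malware; the registration only changed the outcome for the one whose lookup succeeded, which is why a defender's first use of such logs is to find infected hosts rather than to assume the kill switch protected them.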

“They get the accidental hero accolade of the day,” said Proofpoint's Ryan Kalember. “They didn't realize how much it was likely to slow down the spread of this ransomware.”

The time at which @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember.

The kill switch won't help anyone whose computer is already infected with the ransomware, and it's possible that there are other variants of the malware with different kill switches that will continue to spread.

The malware was made available online on 14 April through a dump by a group called the Shadow Brokers, which claimed last year to have stolen a cache of cyber weapons from the National Security Agency (NSA).

Ransomware is a type of malware that encrypts a user's data, then demands payment in return for unlocking it. This attack was carried out by ransomware called WanaCrypt0r 2.0, or WannaCry, which exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

MalwareTech (@MalwareTechBlog)

I will confess that I was unaware that registering the domain would stop the malware until after I registered it, so initially it was accidental.

May 13, 2017

The ransomware demands that users pay $300 worth of the cryptocurrency Bitcoin to retrieve their files, though it warns that the payment will be raised after a certain amount of time. Translations of the ransom note in 28 languages are included. The malware spreads through email.

“This was eminently predictable in lots of ways,” said Ryan Kalember from cybersecurity firm Proofpoint. “As soon as the Shadow Brokers dump came out, everyone [in the security industry] realized that a lot of people wouldn't be able to install a patch, especially if they used operating systems like Windows XP [which many NHS computers still use], for which there is no patch.”

Security researchers with Kaspersky Lab have registered more than 45,000 attacks in 74 countries, including the UK, Russia, Ukraine, India, China, Italy and Egypt. In Spain, major companies including the telecommunications firm Telefónica were infected.

By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.
