'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
Source: The Guardian
An accidental hero has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.
The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK's National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.
However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a kill switch in the malicious software.
The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to, just as if it was looking up any website, and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.
Read more: https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack?CMP=share_btn_tw
murielm99
(30,736 posts)Wonderful news!
nitpicker
(7,153 posts)
still_one
(92,187 posts)through a "kill switch". Why couldn't they just say they neutralized it?
OnlinePoker
(5,719 posts)All they have to do is look to see if the domain name is active and know that their code had been broken.
L. Coyote
(51,129 posts)
Augiedog
(2,545 posts)
duncang
(1,907 posts)Is copy cats modifying the code.
Dustlawyer
(10,495 posts)Now they are saying this ___ person has put something in your DropBox.
Hassin Bin Sober
(26,326 posts)A real estate agent that has done a lot of business in my building was apparently hacked. She sent me an email with a link to sign up for a document downloading service.
Since I knew one of my neighbors was about to list their property I figured she would be needing disclosures from me as I am the board President.
Luckily my partner happened to be right there when I said "hmm, why does this thing want my email password"
kimbutgar
(21,137 posts)Someone I didn't know wanted me to open a bogus file.
PSPS
(13,594 posts)
duncang
(1,907 posts)They were already worried the copy cats would be coming out. Personally I expect even worse ones coming out soon. Less time to respond or mangled code which even if someone pays they don't get back the files.
CousinIT
(9,241 posts)
duncang
(1,907 posts)The UK cyber security researcher
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
raven mad
(4,940 posts)Excellent.
Honeycombe8
(37,648 posts)
Hekate
(90,674 posts)
jeffreyi
(1,939 posts)I've had my Windows computer off for a few days. It's Windows 10. Safe to use?
Sgent
(5,857 posts)function (it would have to be intentional), you'll be fine. Microsoft patched this in March. The reason it's going around now is corporations that think they know better than Microsoft.
CousinIT
(9,241 posts)No doubt about that. So....keep those systems patched. Keep those network segments segmented. Keep those host-based firewalls updated.
PSPS
(13,594 posts)There are patches here for:
Windows Server 2003 SP2 x64
Windows Server 2003 SP2 x86
Windows XP SP2 x64
Windows XP SP3 x86
Windows XP Embedded SP3 x86
Windows 8 x86
Windows 8 x64