Hero Accidentally Finds ‘Kill Switch’ To Halt Massive Cyber-Attack Spread


An accidental hero has halted the spread of the “WannaCry ransomware” that wreaked havoc on various organisations across the globe on Friday, from the UK's National Health Service to European telecoms company Telefonica and FedEx of the US.

A cyber security researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and implemented a "kill switch" in the malicious software that was based on a cyber-weapon stolen from the US National Security Agency to strike organisations across the globe, The Guardian reported.

The hardcoded "kill switch" was in the malware system in case the creator wanted to stop it from spreading.

The process involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the “kill switch” takes effect and the malware stops spreading, the Guardian reported.
 


The rapid proliferation of the ransomware was stopped by the accidental hero @malwaretechblog early this morning (Pacific Time). “They get the accidental hero award of the day,” said Proofpoint's Ryan Kalember. “They didn't realise how much it probably slowed down the spread of this ransomware.”

But much of the damage has been done in Europe and Asia, where many organisations were affected. But US patched up their systems before they were infected.

The computers that have been infected by the ransomware will not be corrected and there is also a possibility that other variances of the malware with different kill switches will continue to spread.

Attacks then began being reported across many other countries, including Turkey, Vietnam, the Philippines, Japan, the US, China, Spain, Italy and Taiwan with the majority of affected computers in Russia.

The computers all appeared to be hit with the same ransomware, and similar ransom messages demanding about $300 to unlock their data, The New York Times reports.

The malware was circulated by email; targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets.

On 14 April, the malware was made available online through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency. —ANI


RELATED ARTICLES