Something very interesting appears to have happened accidentally! A security researcher seems to have stopped one variant of the WannaCry ransomware in its tracks, at least temporarily. WannaCrypt, also known as WannaCry, Wcry or Wcrypt, has already caused massive damage worldwide. The ransomware has reportedly attacked businesses, hospitals, railway stations, universities and many other organizations, causing major devastation.
The security researcher had found that the WannaCry Ransomware made use of a domain located at iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to carry out some pre-infection checks. If the domain was registered, WannaCry or WannaCrypt ransomware would start encrypting the files.
What the security researcher did was to spend GBP 10 and simply register this domain in his name.
By doing so, he accidentally stopped the ransomware from spreading further!
This is, of course, only a temporary break in the outbreak, and the malware writers will soon change the code and deploy a newer ransomware version.
From his blog post:
Now you probably can’t picture a grown man jumping around with the excitement of having just been ransomwared, but this was me. The failure of the ransomware to run the first time and then the subsequent success on the second mean that we had in fact prevented the spread of the ransomware and prevented it ransoming any new computer since the registration of the domain (I initially kept quiet about this while I reverse engineered the code myself to triple check this was the case, but by now Darien’s tweet had gotten a lot of traction). So why did our sinkhole cause an international ransomware epidemic to stop?
You can read his full report on malwaretech.com to learn the details.
Microsoft has also released emergency WannaCry patches for unsupported operating systems such as Windows XP, Windows 8 and Windows Server 2003. Customers running Windows 10 are not targeted by the attack. Make sure you patch your system right away!