WannaCry Ransomware Attack Temporarily Stopped By “Accidental Hero”


A U.K. cybersecurity researcher tweeting as @MalwareTechBlog, with the assistance of Darien Huss from security company Proofpoint, managed to stop the global spread of the WannaCry ransomware strain, which has infected thousands of personal computers and servers all around the world.

The kill switch was hidden in the ransomware source code in case the creator wanted to stop it spreading. WannaCry’s propagation payload contains a very long, nonsensical, previously unregistered domain name, iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, that the malware makes a request to. If this hidden domain was not registered, WannaCry would start spreading and encrypting files. However, if the request comes back and shows that the domain is currently live, the kill switch takes effect and the ransomware stops spreading further.
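Because the malware makes a request to this domain, a lookup of it from inside a network points to a host running the propagation code. The following is an added example, not part of the original article: it scans DNS resolver logs for the kill-switch domain and groups hits by client. The log format, sample lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Kill-switch domain as given in the article.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Assumed (constructed) log format: "<timestamp> client=<ip> query=<name> type=<rr>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<name>\S+) type=(?P<rr>\S+)$"
)

# Constructed sample input: mixed case, trailing dots, a subdomain,
# a look-alike name that must not match, and a malformed line.
SAMPLE_LOG = """\
2017-05-12T14:03:11Z client=10.0.4.17 query=www.example.org. type=A
2017-05-12T14:03:12Z client=10.0.4.17 query=IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.com. type=A
2017-05-12T14:05:40Z client=10.0.9.3 query=www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com type=A
2017-05-12T14:06:02Z client=10.0.4.17 query=iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com type=A
2017-05-12T14:07:00Z client=10.0.2.8 query=notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com type=A
malformed line without fields
"""

def is_kill_switch(name):
    """True for the kill-switch domain or any subdomain of it."""
    name = name.rstrip(".").lower()  # DNS names are case-insensitive
    return name == KILL_SWITCH or name.endswith("." + KILL_SWITCH)

def find_lookups(log_text):
    """Return {client: {"count", "first", "last"}} for kill-switch lookups."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not is_kill_switch(m["name"]):
            continue  # skip malformed lines and unrelated queries
        h = hits[m["client"]]
        h["count"] += 1
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
    return dict(hits)

if __name__ == "__main__":
    for client, h in sorted(find_lookups(SAMPLE_LOG).items()):
        print(f"{client}: {h['count']} lookup(s), first {h['first']}, last {h['last']}")
```

Each client reported is a candidate for isolation and patching, since the lookup happens on hosts where the worm is already executing.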

By registering this domain for £10, the author of @MalwareTechBlog accidentally activated a kill switch for WannaCry’s self-spreading feature.

“I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental”, said MalwareTech.

This doesn’t mean that WannaCry attacks are over, because the cybercriminals behind WannaCry can quickly introduce a new ransomware version with a different domain or different source code.

“It’s very important everyone understands that all they need to do is change some code and start again. Patch your systems now!”, explained MalwareTech.
