Security blogger accidentally stopped world's biggest cyber attack 'WannaCry'

0 Shares

You might recently have heard about the World’s biggest cyber attack in the news in past few hours. This cyber attack is spreading a Ransomware through the email, which makes all the data to be inaccessible by the user. Users/organizations were asked to pay $300 as a ransom amount to regain access to their vital data. If you don’t know about this attack read, How WannaCry ransomware locked millions of computer worldwide?
This is being called one of the world’s biggest cyber attack because it has infected millions of computers worldwide just within few hours.

UK based 22 years old security blogger found a Kill Switch which stopped the virus suddenly. Although, later he tweeted that, he was not aware of the Kill Switch before it got triggered.

I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.

— MalwareTech (@MalwareTechBlog) May 13, 2017

What is a Kill Switch?

A kill switch is a piece of code in a virus or malware which when triggered stops the virus/malware completely. Some attackers used this to halt the malware, if things go out of hand. However, it does not fix the affected computers but stops any further infection.

What exactly did he find in WannaCry?

In a blog post, he wrote that he found that “after getting into the computer the malware doesn’t suddenly start infecting the files. But it tries to connect to an unregistered website having jumble words like www.hsopespenvrbgssudsgihfdaz.com . Since the website was unregistered and inactive, it could not be able to contact the server, so it continues the process and starts scanning all the connected computers in LAN which can be infected, and just after copying itself to another computer, it starts infecting the vital data.”

By noticing the website, the guy started finding some information about the domain and to his surprise, he found that the domain was yet not registered. So, he visited the domain registrar and bought that domain to his name in £10 (10 euros). Until this, he was unaware the fact that this small thing was the Kill Switch.

Since now, the malware was able to connect to its server, it halted the further process of re-infection.

Does this mean ransomware is defeated?

Registration of a domain killed this particular malware. But security researchers have warned that the new variants of malware without any kill switch will be coming in future.

Malware Tech said,

We have stopped this one, but there will be another one coming and it will not be stoppable by us. There’s a lot of money in this, there is no reason for them to stop. It’s not much effort for them to change the code and start over.