Over the weekend, a massive ransomware attack dubbed WannaCry, or WanaCrypt0r 2.0, victimized thousands of computers globally. It started spreading on Friday, May 12, and has claimed 200,000 victims across 150 countries so far.
The attack has targeted private companies and public organizations and has actually endangered the lives of people. The attack crippled a number of hospitals in the United Kingdom and essential gas, telecommunications and water utilities in Spain.
While the scale of the WannaCry ransomware attack is unprecedented, it could have been much worse. Thanks to a 22-year-old researcher, a simple kill-switch was found and it halted the malware from infecting other machines, limiting its global spread.
On Saturday morning, security researchers announced that they found a way to limit the WannaCry ransomware’s potency. This “kill-switch” is as simple as registering a web address hidden in the ransomware’s code.
The 22-year-old credited with accidentally halting the spread has been identified as Marcus Hutchins of North Devon Coast in the U.K., also known as MalwareTech.
The long, nonsensical web address, iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, was found within a small section of the malicious software’s code. When the program attempts to infect a new machine, it first checks this address to see whether the domain is available.
If it is unregistered and available, it proceeds with the infection process – encrypting the victim’s files and locking the system down with a ransom message.
When Hutchins saw this domain within the ransomware’s code, he bought it for $10.89, not knowing that the action would subsequently halt the ransomware’s spread.
Hutchins told The Guardian that he bought the domain with the initial intent of monitoring the attack’s deployment patterns but they “actually stopped the spread just by registering the domain.”
With the web address and domain occupied, the ransomware stops every new installation attempt. So even if the malicious software ends up on a computer, this “kill switch” will prevent it from holding the victim for ransom.
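For defenders, the check described above leaves a trace in DNS logs. The following is an added example, not code from the article or from MalwareTech: it scans resolver logs for lookups of the kill-switch domain and ranks each host by whether the lookup was answered. The log format (timestamp, client, query name, response code) and the sample lines are constructed assumptions.

```python
# Kill-switch domain as given in the article.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample lines in an assumed format: timestamp client qname rcode.
SAMPLE_LOG = """\
2017-05-13T09:14:02Z 10.0.4.17 www.example.org NOERROR
2017-05-13T09:14:05Z 10.0.4.17 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
2017-05-13T09:15:40Z 10.0.7.33 IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. NXDOMAIN
2017-05-13T09:15:41Z 10.0.7.33 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com SERVFAIL
malformed line
2017-05-13T09:16:00Z 10.0.9.2 notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
"""

def parse_line(line):
    """Return (client, qname, rcode), or None if the line does not fit the assumed format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _, client, qname, rcode = parts
    # DNS names are case-insensitive and may carry a trailing root dot.
    return client, qname.rstrip(".").lower(), rcode.upper()

def is_kill_switch(qname):
    """Match the domain or any subdomain, but not look-alikes that merely end with it."""
    return qname == KILL_SWITCH or qname.endswith("." + KILL_SWITCH)

def triage(log_text):
    """Map each client that looked up the kill-switch domain to a priority.

    'contained': every lookup was answered, so the check should have halted the malware.
    'urgent': at least one lookup failed, so the malware may have gone on to encrypt files.
    """
    results = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or not is_kill_switch(parsed[1]):
            continue
        client, _, rcode = parsed
        if rcode != "NOERROR":
            results[client] = "urgent"  # a single failure overrides earlier successes
        else:
            results.setdefault(client, "contained")
    return results

if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(client, status)
```

Any host that appears in the output ran the malware and needs investigation; those marked urgent never got an answer for the domain, so the check would not have stopped the infection there.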
Don’t let your guard down
MalwareTech warned that “this is not over.” The attackers responsible for this latest ransomware assault could simply change the code (or the domain, for that matter), redeploy it and start again.
It is crucial that people keep their Windows systems up to date with the latest security patches, have anti-virus software installed, keep regular backups and be extra vigilant with email attachments and unknown links.