22-year-old halts global ransomware attack. Patch your systems now! 


Congratulations are in order for MalwareTech.

MalwareTech tweeted, “It’s very important everyone understands that all they need to do is change some code and start again. Patch your systems now!”

Read MalwareTech’s post on coming across a kill switch to stop the spread of the recent ransomware incident. MalwareTech: How to Accidentally Stop a Global Cyber Attacks | MalwareTech

MalwareTech: Finding the kill switch to stop the spread of ransomware – NCSC Site

Patch Your Systems Now!

For you Windiows XP users, you’re in luck. Microsoft has released a patch for Windows XP here: Customer Guidance for WannaCrypt attacks – MSRC

theguardian.com has a nice writeup: ‘Accidental hero’ halts ransomware attack and warns: this is not over | Technology | The Guardian

The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.

The ransomware used in Friday’s attack wreaked havoc on organisations including FedEx and Telefónica, as well as the UK’s National Health Service(NHS), where operations were cancelled, X-rays, test results and patient records became unavailable and phones did not work.

But the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.

The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who lives with his parents and works for Kryptos logic, an LA-based threat intelligence company.

“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”

The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.

Bookmark and blogroll http://www.malwaretech.com to express some Internet gratitude.