Self-taught security researcher stopped ransomware attack by registering a web domain for $10.
A 22-year-old self-taught security researcher (who still lives at home), known only as MalwareTech, managed to stop the spread of the seemingly unstoppable piece of ransomware this weekend, during his vacation, without initially realizing he had…
Just really lucky?
You would think so, reading some of the reports in other news media. But when news of the ‘WannaCry’ ransomware attacks filtered through to him, he went without sleep for the next 48 hours alongside other colleagues investigating the malware.
MalwareTech, who has apparently resisted the continued urgings of his LA-based employer to move to the US, managed to halt the malware’s spread by finding a ‘kill switch’ embedded in a chunk of the ransomware code.
The fix ‘was partially accidental,’ the young researcher told the BBC. MalwareTech noticed a domain name hidden in the malicious code that was unregistered. Essentially, it pointed to a website that didn’t exist.
E.T. phone home
The 22-year-old then bought the domain name in question, making the web address in the malware code go ‘live,’ and the moment he did that, WannaCry stopped spreading. Basically, the moment the ransomware received a response from the now registered web address, it killed itself and stopped spreading.
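The kill switch works the other way round for defenders too: a host that looks up the kill-switch domain is a host on which the sample has started running, whether or not the domain now answers. The following is an added example, not code from the article or from MalwareTech: it scans constructed BIND-style resolver log lines for lookups of a placeholder kill-switch domain (the real domain is not named on this page) and reports which internal hosts made them.

```python
import re
from collections import defaultdict

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-domain.example"

# Constructed sample lines in the shape of a BIND query log (not real traffic).
SAMPLE_DNS_LOG = """\
13-May-2017 10:02:11.001 client 10.0.1.15#51234: query: killswitch-domain.example IN A +
13-May-2017 10:02:12.314 client 10.0.1.15#51235: query: www.example.org IN A +
13-May-2017 10:03:40.777 client 10.0.2.8#40211: query: KillSwitch-Domain.example. IN A +
13-May-2017 10:05:01.090 client 10.0.3.22#33333: query: update.microsoft.com IN A +
13-May-2017 10:06:15.412 client 10.0.1.15#51240 (killswitch-domain.example): query: killswitch-domain.example IN A +
"""

# Accepts both the older "client IP#port: query:" and the newer
# "client IP#port (name): query:" layouts.
QUERY_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+(?: \([^)]*\))?: query: (?P<name>\S+) IN (?P<type>\w+)"
)


def parse_queries(log_text):
    """Yield (client_ip, queried_name) for every query line that parses."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            # Normalise so case and a trailing root dot do not hide a match.
            name = m.group("name").lower().rstrip(".")
            yield m.group("ip"), name


def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: lookup_count} for hosts that queried the kill-switch domain.

    A sinkholed (registered) domain stops the sample from spreading, but the
    lookup still happens first, so each hit is a host to isolate and rebuild.
    """
    hits = defaultdict(int)
    wanted = domain.lower().rstrip(".")
    for ip, name in parse_queries(log_text):
        if name == wanted:
            hits[ip] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in sorted(find_kill_switch_lookups(SAMPLE_DNS_LOG).items()):
        print(f"{ip}: {count} kill-switch lookup(s)")
```

Hosts that go out through an HTTP proxy may never resolve the domain locally, so pair this with the proxy's access log for the same name.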
It isn’t over till it’s over
Indeed. The apparent halt of WannaCry may only be temporary. “This is not over. The attackers will realize how we stopped it, they’ll change the code and then they’ll start again. Enable Windows Update, update and then reboot,” MalwareTech said.
What if your business is already infected?
Well, the news there isn’t all that good. Essentially, unless you have all your files backed up at a regular interval and can restore and rebuild, you’re looking at losing all your data unless you pay the ransom. What MalwareTech has done has essentially given the world some breathing space, if you will, to update its immunity. The attack started in Europe, spread to Asia and was well on its way to having a go at the US as well when WannaCry was halted from spreading.
The NSA? Really?
Looks like it. The malware code for WannaCry became available back in April, released by a group known as the ‘Shadow Brokers,’ who last year claimed to have stolen a bunch of cyber weapons from the US National Security Agency.
WannaCry initially demands a payment of $300 in Bitcoin, a cryptocurrency that is virtually untraceable. For the sake of clarity, the ransom message has been made available in 28 languages. The longer a user waits to pay, the more money is demanded.