A security researcher from the United Kingdom known as MalwareTech stopped the WannaCry ransomware, which had taken control of hundreds of thousands of computers worldwide and forced victims to pay between $300 and $600 in bitcoin to recover their files. WannaCry exploited a Windows vulnerability leaked in April, using a hacking tool believed to have been stolen from the National Security Agency. The ransomware spread to 75,000 computers, including those of 48 hospitals in the United Kingdom.
MalwareTech found an unregistered domain name in WannaCry and bought it for $10.69. Armed with the domain, the researcher pointed it at a sinkhole server that records and analyzes malware traffic. The domain turned out to be a kill switch that gave its owner control over the ransomware. It was supposed to remain unregistered, as MalwareTech noted.
The domain lookup was a sandbox-detection feature: security tools test suspicious code in an isolated environment on a computer, and the malware used the lookup to tell such an environment from a real victim. Once MalwareTech registered the domain, it was contacted by every infected computer, not only the sandboxed ones. The domain was meant as an anti-sandbox measure that the authors did not think through well enough, as MalwareTech put it.
Cisco Talos and other security companies confirmed that the outbreak was halted thanks to MalwareTech's actions. Computers already infected could still be at risk. Cisco Talos said that the Shadow Brokers, a hacking group believed to have dumped National Security Agency hacking tools, leaked the malware. Cisco Talos also noted that the attackers would first try to install WannaCry through a backdoor known as DoublePulsar, also leaked by the Shadow Brokers. If the backdoor was not present on a target Windows computer, the malware would attempt to exploit a flaw in Microsoft's Server Message Block (SMB), a network file-sharing protocol.
Victims of the WannaCry ransomware were advised not to pay the ransom. Microsoft and anti-virus vendors have added WannaCry detections. Microsoft issued an advisory that it is releasing a patch for Windows XP systems that are out of support, and it recommends that organizations disable the SMBv1 protocol. Up-to-date Windows machines are safe from the ransomware.
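The SMBv1 recommendation above, carried out as an added example that is not code from the article, Microsoft or MalwareTech: the script audits and disables SMBv1 on a Windows host from an elevated PowerShell session. It assumes Windows 8/Server 2012 or later for the Smb* cmdlets and falls back to the LanmanServer registry value on older systems; the driver and feature names used are the standard Windows ones.

```powershell
# Added example: audit and disable SMBv1 (server side, optional feature, client side).
# Run from an elevated PowerShell session. Each step is guarded because cmdlet and
# feature availability differ between Windows versions.
$changes = @()

# 1. SMB server side: the SMB1 server is what a network worm reaches over port 445.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $cfg = Get-SmbServerConfiguration
    if ($cfg.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $changes += 'Disabled SMB1 in the SMB server configuration'
    }
} else {
    # Older systems (Windows 7 / Server 2008 R2): SMB1 = 0 under LanmanServer\Parameters.
    # A missing value means SMB1 is enabled (the default), so $null is treated as "on".
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $cur = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($cur -ne 0) {
        Set-ItemProperty -Path $key -Name SMB1 -Value 0 -Type DWord
        $changes += 'Set LanmanServer\Parameters\SMB1 = 0 (reboot required)'
    }
}

# 2. Optional Windows feature (Windows 10 / Server 2016+): removes the SMB1 components.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    $changes += 'Disabled the SMB1Protocol optional feature (reboot required)'
}

# 3. SMB client side: stop this host from speaking SMB1 to other machines.
sc.exe query mrxsmb10 > $null
if ($LASTEXITCODE -eq 0) {
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
    $changes += 'Disabled the SMB1 client driver (mrxsmb10)'
}

if ($changes.Count -eq 0) { 'SMBv1 already disabled; no changes made.' } else { $changes }
```

Disabling SMBv1 removes the spreading vector but does not clean a host that is already infected and is no substitute for installing the Microsoft patch.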
Rob Wainwright, head of Europol and Europe's chief law enforcement official, said he is concerned that the number of victims may increase when people turn on their machines Monday morning. Darien Huss, a researcher at Proofpoint, was the first to find that MalwareTech's sinkhole was preventing the malware from spreading. Huss agreed that the actors involved are amateurs, based on how the kill switch was deployed, and said that another attack will probably come very soon.
MalwareTech noted on Twitter that version 1 was stoppable but version 2 will probably remove the flaw. The researcher said on Twitter that they were providing the National Cyber Security Centre in the United Kingdom with records to notify infected organizations. MalwareTech, who did not reveal their gender, did not want to be treated as a hero for stemming the spread of the malware, and stated on Twitter that they wanted anonymity so as not to have to deal with reporters.