Latest "WannaCry" Malware Threat: Random guy activates killswitch

Discussion in 'Windows Security' started by Mike, May 13, 2017.

  1. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    In one of the more serious malware attacks in recent years, primarily because it has attacked networked healthcare infrastructure, a lone 22-year-old researcher may have successfully activated a killswitch to prevent "WannaCry" or "WanaCryptor 2.0" from spreading to new systems.

    The recent news of a wild malware infection being spread around the world like wildfire has captivated the imagination and sent some IT security firms into a tailspin.

    How has it been disabled from propagating? In the malware, there is apparently a hard-coded check to see if a very long and abstract domain name exists and is responding. If this happens, the malware stops its installation. The malware, which encrypts an entire hard drive and demands ransom, has infected approximately 75,000 computers in over one hundred countries.

    It is important to note that Microsoft released a patch to block this security vulnerability in MARCH of 2017, but:

    1) Information technology administrators for mid-to-large institutions who did not proactively update or distribute Windows updates to the latest security patch levels failed in protecting from this threat.

    2) Organizations and individual users running Windows XP and the related server products stopped receiving security updates as part of Microsoft's end of life policy in 2014.

    The "accidental hero" who found the solution to this problem has emphasized that whoever developed this threat may alter it again, and that unpatched systems are NOT safe.

    For more information:

    Registering a single web address may have stopped a global malware attack

    'Accidental hero' halts ransomware attack and warns: this is not over
     
  2. pnamajck

    pnamajck Well-Known Member

    yep … i read similar article earlier as well, mike. however, in all fairness, how can any of us be sure the two entities are not one and the same person? i mean to say … nobody can and will be able to offer irrefutable proof that malwaretechblog is not part of, or have some intimate affiliation with, Shadow Brokers. and we sure as heck don't know the subversive politics behind the scheme. why would such a coup materialize? why indeed. yet another cover-up … where, oh where, is our friend mr. snowden.
     
  3. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Edward Snowden (@Snowden) | Twitter

    I don't want to comment about who is allied with who or why, but the important thing for this forum is that 1) you are aware of these constantly emerging security risks 2) you have the self-empowering knowledge to prevent yourself from being victimized by any type of attacks such as these.
     
  4. pnamajck

    pnamajck Well-Known Member

    true of course. occasionally i forget which forum i am accessing … thanks, mike.
     
  5. Neemobeer

    Neemobeer Windows Forum Team
    Staff Member

  6. nmsuk

    nmsuk Windows Forum Admin
    Staff Member Premium Supporter

    Only works if you've left the machine alone and haven't rebooted it. So I bet it's mostly useless for the majority of people infected.
     
