In one of the more serious malware attacks in recent years, primarily because it has attacked networked healthcare infrastructure, a lone 22-year-old researcher may have successfully activated a killswitch to prevent the "WannaCry" or "WanaCryptor 2.0" malware from spreading to new systems.
The recent news of a wild malware infection being spread around the world like wildfire has captivated the imagination and sent some IT security firms into a tailspin.
How has it been disabled from propagating? In the malware, there is apparently a hard-coded check to see if a very long and abstract domain name exists and is responding. If this happens, the malware stops its installation. The malware, which encrypts an entire hard drive and demands ransom, has infected approximately 75,000 computers in over one hundred countries.
It is important to note that Microsoft released a patch to block this security vulnerability in MARCH of 2017, but:
1) Information technology administrators for mid-to-large institutions who did not proactively update or distribute Windows updates to the latest security patch levels failed to protect against this threat.
2) Organizations and individual users running Windows XP and the related server products stopped receiving security updates as part of Microsoft's end-of-life policy in 2014.
The "accidental hero" who found the solution to this problem has emphasized that whoever developed this threat may alter it again, and that unpatched systems are NOT safe.
For more information:
Registering a single web address may have stopped a global malware attack
'Accidental hero' halts ransomware attack and warns: this is not over