Latest "WannaCry" Malware Threat: Random guy activates killswitch

Mike

Windows Forum Admin
Staff member
Premium Supporter
#1
In one of the more serious malware attacks in recent years, primarily because it has attacked networked healthcare infrastructure, a lone 22-year old researcher may have successfully activated a killswitch to prevent the "WannaCry" or "WanaCryptor 2.0" from spreading to new systems.

The recent news of a wild malware infection being spread around the world like wildfire has captivated the imagination and sent some IT security firms into a tailspin.

How has it been disabled from propagating? In the malware, there is apparently a hard coded check to see if a very long and abstract domain name exists and is responding. If this happens, the malware stops its installation. The malware, which encrypts an entire hard drive, and demands ransom, has infected approximately 75,000 computers in over one hundred countries.

It is important to note that Microsoft released a patch to block this security vulnerability in MARCH of 2017, but:

1) Information technology administrators for mid-to-large institutions who did not pro-actively update or distribute Windows updates to the latest security patch levels failed in protecting from this threat.

2) Organizations and individual users running Windows XP and the related server products stopped receiving security updates as part of Microsoft's end of life policy in 2014.

The "accidental hero" who found the solution to this problem has emphasized that whoever developed this threat may alter it again, and that unpatched systems are NOT safe.

For more information:

Registering a single web address may have stopped a global malware attack

'Accidental hero' halts ransomware attack and warns: this is not over
 


pnamajck

Senior Member
#2
yep … i read similar article earlier as well, mike. however, in all fairness, how can any of us be sure the two entities are not one and the same person? i mean to say … nobody can and will be able to offer irrefutable proof that malwaretechblog is not part of, or have some intimate affiliation with, Shadow Brokers. and we sure as heck don't know the subversive politics behind the scheme. why would such a coup materialize? why indeed. yet another cover-up … where, oh where, is our friend mr. snowden.
 


Mike

Windows Forum Admin
Staff member
Premium Supporter
#3
oh where, is our friend mr. snowden.
Edward Snowden (@Snowden) | Twitter

I don't want to comment about who is allied with who or why, but the important thing for this forum is that 1) you are aware of these constantly emerging security risks 2) you have the self-empowering knowledge to prevent yourself from being victimized by any type of attacks such as these.
 


pnamajck

Senior Member
#4
true of course. occasionally i forget which forum i am accessing … thanks, mike.
 


nmsuk

Windows Forum Admin
Staff member
Premium Supporter
#6
Only works if you've left the machine alone and haven't rebooted it. So I bet it's mostly useless for the majority of people infected
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.