Blogger Accidental Hero solves cyber hack issue... finds kill switch

[link to www.theguardian.com (secure)]



less than 50%
snip

An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.

The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software.
Live Cyber-attack: May says 'no evidence' NHS patient records compromised – live
British prime minister thanks NHS staff for working overnight after attack of ‘unprecedented’ scale
Read more

The number of his name indicated by his alleged initials makez me suspicious.
The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

[link to www.theguardian.com (secure)]



less than 50%
snip

An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.

The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software.
Live Cyber-attack: May says 'no evidence' NHS patient records compromised – live
British prime minister thanks NHS staff for working overnight after attack of ‘unprecedented’ scale
Read more

The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

If the virus was written in a managed language where it was that easy to look under the hood and see what it was doing, it wasn't a very advanced hacker who wrote the virus. I professional would use a low level language and obfuscate the code.

Or more likely, this guy just took notice of the virus trying to make a TCP connection to a non-existent domain and put two and two together.

Bullshit, government cover up. The virus was the governments doing and did exactly what they wanted it to do, cause and effect. They got what they wanted or killed who they wanted then they stopped the virus and they give this lame story. Bullshit.

Watch the shiny keys and pay no attention to the man behind the curtain.

This place never ceases to amaze me. Some kid attaches existing ransomware to an known vulnerability with a published exploit and it becomes a government psyop.

There was nothing sophisticated about this.