A BRIT INFOSEC BOD has halted the global spread of the WannaCry ransomware, by buying a domain name for eight quid.
The dude in question, a 22-year-old cybersecurity researcher who tweets as '@MalwareTechBlog', discovered a kill switch in the code of the ransomware that struck NHS hospitals across the UK on Friday.
The kill switch detects that a particular web domain exists, and when it does, stops spreading the infection. MalwareTechBlog registered the domain name - iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - for $10.69, which immediately halted it's worldwide spread.
"IP addresses from our sinkhole have been sent to FBI and ShadowServer so affected organisations should get a notification soon," said the researcher.
Later, he admitted that he wasn't aware registering the domain would halt the spread of the attack, which has seen him branded an as "accidental hero".
I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.— MalwareTech (@MalwareTechBlog) May 13, 2017
While the kill switch won't be of much use to those computers already affected, Microsoft has released emergency security patches to defend against the ransomware for unsupported versions of Windows, including Windows XP - which runs on 90 per cent of NHS Trusts systems - and Windows Server 2003.
To recap, on Friday, NHS hospitals across the UK were forced to shut down IT systems and telephones lines, and in some cases cancel operations and send patients home, after being struck by a ransomware attack, later identified a to be a variant of Wanna Decryptor/WannaCry/Wcry. The malware spread via is spreading via an SMB exploit in Windows, that was first outed in February and patched by Microsoft in March.
The ransomware demanded $300 worth of Bitcoin to restore ransomed files, and warned that files would be deleted in a week's time.
NHS Digital said in a statement: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor," a spokesperson said.
"At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.
"NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations."
NHS Digital added that the attack was "not specifically targeted at the NHS and is affecting organisations from across a range of sectors". Later on Friday, it was revealed that the attack had spread to 75 countries, hitting Russia's interior ministry, the Spanish telecom giant Telefonica and the US delivery firm FedEx. µ
But there's no indication that data was used for nefarious purposes
But firm maintains that it received no selective treatment
More evidence that society gon' fall down go boom
Taking the fight to Windows Always-On with a wider range of apps