A ransomware cyber-attack called ‘WannaCry’ wreaked havoc among organisations in over 100 countries, mainly targeting medical organisations. But a 22-year-old UK cyber security researcher, Darien Huss, “accidentally” managed to stop the spread of the ransomware attack that hit the NHS and organisations across the globe.
The health services across 100 countries were haunted by the spread of a ransomware called ‘WannaCry’, which caused chaos even in high-profile organisations like FedEx, Telefonica and the UK’s National Health Service (NHS), and infected tens of thousands of computers in 100 countries including Russia, China, Britain, India and many others. Cyber-security firm Avast said it had seen 75,000 cases of the ransomware – known as WannaCry and variants of that name – around the world.
The malware spread quickly on Friday, with medical staff in the UK reportedly seeing computers go down “one by one”. The ransomware demanded a payment of $300 in the virtual currency Bitcoin to unlock the files on each computer. Messages flashed up telling users that their files had been encrypted and that they must pay or lose access to them. It is believed that the ransomware used hacking tools developed at the US National Security Agency.
However, working alongside Darien Huss from security firm Proofpoint, a British cyber security researcher managed to find and activate a “kill switch” built into the software on Friday, stemming the flow of attacks. The switch was hardcoded into the malware in case the creator wanted to stop it from spreading. It works through a very long ‘nonsensical’ domain name that the malware makes a request to, just as if it were looking up any website. If the request comes back and shows that the domain is live, the kill switch takes effect right away and stops the ransomware from spreading.
This was an ‘accidental’ finding because Darien said that he found the domain and saw that it wasn’t registered, so he decided to register it, which cost him $10.69. Immediately, the domain name was registering thousands of connections every second and voila! Although it was too late already, the kill switch gave the US more time to develop immunity to the attack by patching their systems. The kill switch won’t help anyone whose computer is already infected with the ransomware, and it’s possible that there are other variants of the malware with different kill switches that will continue to spread. This malware was made available online on April 14 by a group called ‘Shadow Brokers’, who claimed last year that they had stolen a cache of cyber weapons from the National Security Agency (NSA).
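Because the malware looks up the kill-switch domain before doing anything else, a host that queries that name has run the malware and needs triage, even when the switch stopped it. The following sketch is an added example, not part of the original article: it scans DNS query logs for a known kill-switch domain and also flags long, random-looking names that could belong to the other variants mentioned above. The domain is a placeholder (the article does not give the real one), and the log format, sample lines and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Placeholder: the article does not give the real kill-switch domain.
KNOWN_KILL_SWITCH = {"kill-switch-placeholder.example"}

# Constructed sample DNS query log: "<time> <client-ip> <qtype> <qname>".
SAMPLE_LOG = """\
2017-05-12T14:01:07Z 10.0.4.21 A www.example.org
2017-05-12T14:01:09Z 10.0.4.57 A kill-switch-placeholder.example
2017-05-12T14:01:10Z 10.0.4.57 A kill-switch-placeholder.example
2017-05-12T14:02:31Z 10.0.7.13 A www.qz7xk2vbn4w9ptlm3hd8rjc5fy6gs1ae0uo.example
2017-05-12T14:03:02Z 10.0.4.21 A intranet-document-management-portal.example
malformed line
"""

def shannon_entropy(s):
    """Bits per character of the string's character distribution."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def looks_nonsensical(qname, min_len=30, min_entropy=4.0):
    """Heuristic (assumed thresholds): longest label is long AND high-entropy."""
    label = max(qname.rstrip(".").split("."), key=len)
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def triage(log_text):
    """Return {client_ip: {"known": set, "suspect": set}} for hosts to check."""
    hits = defaultdict(lambda: {"known": set(), "suspect": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing mid-incident
        _, client, _, qname = parts
        qname = qname.lower().rstrip(".")
        if qname in KNOWN_KILL_SWITCH:
            hits[client]["known"].add(qname)      # malware executed on this host
        elif looks_nonsensical(qname):
            hits[client]["suspect"].add(qname)    # possible variant: review by hand
    return dict(hits)

if __name__ == "__main__":
    for host, found in sorted(triage(SAMPLE_LOG).items()):
        print(host, sorted(found["known"]), sorted(found["suspect"]))
```

Length alone is not enough: the long but readable intranet hostname in the sample stays below the entropy threshold and is not flagged.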
The kill switch found by Darien is capable of stopping the spread of the ‘WannaCry’ or ‘WanaCrypt0r 2.0’ malware, which exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable. Oh, and thank you, Darien.