SHARE

wanadecrypt0r kill switch

Short Bytes: Security researcher from MalwareTech was able to halt the viral WanaCrypt0r ransomware while studying about the same. He registered an unregistered URL in the payload, and it turned out to be a kill switch to spread the malware. The URL might have been a command and control server or an intentional kill switch. Notably, WanaCrypt0r ransomware was spreading using a vulnerability disclosed by NSA records.

As a result of a new ransomware attack which gained traction in European countries and Russia, thousands of computers across the world were crippled. If you are still unaware of this scary rampage, read about WanaCrypt0r ransomware here. Once infected, a computer denied access to the user’s files and asked for a ransom of about $300 in bitcoin.

The impact of the ransomware can be measured by the fact Microsoft released a rate and urgent patch for Windows XP (which is unsupported since 2004) to help protect the XP machines. But, thanks to a security researcher at MalwareTech, the pace of the attack was slowed down.

Accidental WanaCrypt0r Kill Switch

While working with WanaCrypt0r, MalwareTech found that the notorious coders of ransomware created it to find if a certain random URL led to a live web page. It turns out that as long as the domain was unregistered and inactive, the ransomware kept spreading.

To check the same and analyzing the traffic, MalwareTech bought the domain for $10.69. As soon as the URL went live, the whole thing shut down. Now, when the code pinged that domain, it turned out to be registered and the ransomware would not activate.

This way, MalwareTech pulled the plug without even realizing. It should be noted that it doesn’t help the affected people, but it stops WanaCrypt0r from spreading further.

In another development, it’s being reported that the second version of the ransomware, i.e., WannaCry 2.0, is spreading. We’ll be soon telling you more about the same.

Did you find this story on WanaCrypt0r interesting? Don’t forget to share your views.

Also Read: MP3 Audio Format Is Officially Dead
SHARE
Adarsh Verma
Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]

FOSSBYTES DEALS