WannaCry ransomware: Researcher halts its spread by registering domain for $10.69

May 13th, 2017, by Jahanzaib Hassan. Filed under Hacking News, Malware, Security.

Last year the Internet was taken down by cyber criminals through a massive Distributed Denial of Service (DDoS) attack using the infamous Mirai malware. But last Friday afternoon, almost 99 countries, including Russia, the UK, the USA and Australia, became victims of a worldwide mass cyber-attack that has been reported to have caused major disruptions to systems used by hospitals, companies, and other institutions.

The Shadow Brokers and the NSA

An unknown hacking group launched a ransomware attack against a number of computers worldwide that appears to be powered by a hacking tool developed by the National Security Agency for spying purposes.

The tool was leaked online by the “Shadow Brokers” group as part of their ongoing release of hacking tools developed by the agency. The tool is apparently named “EternalBlue”, and it exploits a vulnerability in Microsoft Windows.

What does the vulnerability do?

According to experts, the vulnerability in Microsoft’s flagship operating system can be exploited by EternalBlue to block access to a computer completely. What is more, the hacking group demanded a sum of $600 from the victims if they wanted to regain access to their systems and decrypt their files.

Who has been affected?

So far, almost 75,000 computers have been reported as victims of the cyber-attack. Moreover, over 40 NHS organizations in the UK were affected initially on Friday, disrupting the country’s entire health system.

Experts say the ransomware was spreading at an exponential rate of five million emails per hour, resulting in the virus affecting a number of other countries as well, including Australia, Germany, Mexico, Italy, Belgium, France and Russia.

#WannaCry #ransomware used in widespread attacks all over the world via @Securelist https://t.co/zh012F9lCC pic.twitter.com/UzJVqUwbT6

— Kaspersky Lab (@kaspersky) May 12, 2017

Also, FedEx, one of the world’s leading courier organizations, had its entire system brought down. The German rail system also had its ticketing system hijacked by the ransomware.

Whoops. Got a photo from a colleague – Chemnitz Hauptbahnhof apparently has a Cryptolocker problem. pic.twitter.com/IH5B5dyKvM

— Nick Lange (@Nick_Lange_) May 12, 2017

However, none of these were as big as the disruption at Spain’s major telecommunications company, Telefonica. This was accompanied by attacks on the power firm Iberdrola and the utility firm Gas Natural.

How was the attack carried out and stopped?

A security researcher going by the online handle @MalwareTechBlog told AFP that the ransomware was spreading because its spreading behaviour depended on an unregistered domain. The researcher therefore said that the spread could be stopped by registering the domain and updating systems immediately.

According to The Guardian, @MalwareTechBlog, with the assistance of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software. The switch was hardcoded into the malware in case the creator wanted to stop it spreading. It involves a very long, nonsensical domain name that the malware makes a request to, just as if it were looking up any website; if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

“I saw it wasn’t registered and thought, ‘I think I’ll have that.’” The purchase cost him $10.69. Immediately, the domain name was registering thousands of connections every second. “They get the accidental hero award of the day,” said Proofpoint’s Ryan Kalember. “They didn’t realize how much it probably slowed down the spread of this ransomware.”

I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.

— MalwareTech (@MalwareTechBlog) May 13, 2017

The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember.
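The kill-switch behaviour described above, and the defender-side check it implies, as an added example that is not part of the original article or of the researchers' work. The domain name is a placeholder (the article does not give it), the DNS log lines are constructed, and `fetch` is an injected callable so the code runs offline.

```python
import re
from collections import Counter

# Placeholder: the article does not name the actual kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-domain-placeholder.example"


def kill_switch_engaged(domain: str, fetch) -> bool:
    """Model of the mechanism the article describes: the worm requests the
    hard-coded domain and stops spreading only if the request comes back
    (the domain is live).  `fetch(domain)` is injected so this runs offline;
    it returns True when a response came back, False otherwise.
    Consequence worth noting: a host that cannot reach the domain at all
    (lookup fails, no outbound access) behaves exactly as if the domain
    were still unregistered, so the worm keeps spreading there."""
    try:
        return bool(fetch(domain))
    except Exception:  # any network error looks like "domain not live"
        return False


# Constructed DNS-resolver log lines (not real data): timestamp, client, qname.
SAMPLE_DNS_LOG = """\
2017-05-12T15:02:11Z client=10.1.4.23 query=www.example.com
2017-05-12T15:02:12Z client=10.1.4.23 query=killswitch-domain-placeholder.example
2017-05-12T15:02:12Z client=10.1.7.9  query=killswitch-domain-placeholder.example
2017-05-12T15:02:13Z client=10.1.4.23 query=killswitch-domain-placeholder.example
2017-05-12T15:02:14Z client=10.1.9.40 query=mail.example.com
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<qname>\S+)$")


def suspected_infected_hosts(log_text: str, domain: str = KILL_SWITCH_DOMAIN) -> Counter:
    """Defender-side check: any internal host looking up the kill-switch
    domain is running the worm, whether or not the switch then stops it
    (registering the domain halts spreading; it does not clean the host).
    Returns a Counter of client -> number of lookups."""
    hits = Counter()
    target = domain.lower().rstrip(".")
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort a triage run
        if m["qname"].lower().rstrip(".") == target:
            hits[m["client"]] += 1
    return hits
```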

Also, many NHS organizations had Windows XP installed on their computers. Microsoft had long since stopped supporting that version of Windows, and the ransomware took advantage of this to spread so easily. The old operating system did not alert users to the virus and had no updates against such threats.

Microsoft’s take on the situation

A Microsoft spokesperson said that those who had enabled updates and had the company’s free antivirus software installed were not affected. The company also released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt.

Microsoft has made the patch for MS17-010 available for XP and 2k3. Patch over the weekend. It's worth the overtime. https://t.co/XqXjprWtC1

— Jake Williams (@MalwareJake) May 13, 2017

The NHS system was the most badly hit

Soon after the attack, various hospitals postponed non-urgent appointments and ambulances changed routes. Systems were shut down altogether, with doctors complaining about the major delays that resulted. So far, all that is known is that various organizations have paid the demanded amount in Bitcoin. However, although all bitcoin transactions are recorded in a public ledger, the ledger does not identify who made a payment, so it is hard to tell specifically which organizations paid the ransom.

At the time of publishing this article, the attacks had been stopped. @MalwareTechBlog has also released in-depth details of how he was able to accidentally stop the attack, which can be read here.
