HackRead

Researcher Finds Kill Switch for new variant of WannaCry Ransomware

May 14th, 2017 | Waqas | Security, Cyber Attacks, Cyber Crime, Malware

Internet users worldwide are now familiar with the WannaCry (WanaCrypt0r) ransomware attack and how cybercriminals used it to infect the IT infrastructure of banking giants, hospitals, tech firms and sensitive installations in more than 90 countries.

Readers may also know that a British security researcher, MalwareTechBlog, accidentally discovered the kill switch of WannaCry by registering a domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea [dot] com) for just $10.69. The domain registration slowed down the attacks but didn’t stop them entirely.


Saudi telecom under WannaCry ransomware attacks few a few hours ago.

125 victims paying now. ~18.5 bitcoin. ~$32K USD.

I rly hope this doesn’t get worse tomorrow. pic.twitter.com/0JHdyOAUrr

— boB Rudis (@hrbrmstr) May 14, 2017

Soon after, a security researcher from France who goes by the handle @benkow_ on Twitter discovered a new variant, WanaCrypt0r 2.0, and sent it to Matthieu Suiche, who is also an IT security researcher, for an in-depth analysis.

On analyzing it, Suiche discovered its kill switch, which was another domain (ifferfsodp9ifjaposdfjhgosurijfaewrwergwea [dot] com). According to Suiche’s blog post, he then registered the domain to halt the new and growing wave of cyber attacks through WannaCry ransomware.

New kill switch detected ! https://t.co/sMyyGWbgnF #WannaCry – Just pushed for an order ! pic.twitter.com/cV6i8DpaF4

— Matt Suiche (@msuiche) May 14, 2017

This version found on the right by @craiu was found on https://t.co/C4PLgbzCHw using YARA rules. Not in the wild, unlike the other variant.

— Matt Suiche (@msuiche) May 14, 2017

Thanks to @benkow_ who found what looks like a new 'kill switch' domain and @msuiche who registered it and transferred it to our sinkhole.

— MalwareTech (@MalwareTechBlog) May 14, 2017
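For defenders, the two kill-switch domains named above double as indicators: the sketch below is an added example, not code from the article or from the researchers it quotes, and it scans DNS query logs for hosts that looked up either domain. The log format, timestamps and IP addresses are constructed, and it assumes that a lookup of a kill-switch domain marks a host worth investigating.

```python
import re
from collections import defaultdict

# Kill-switch domains exactly as the article prints them (defanged).
DEFANGED_IOCS = [
    "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea [dot] com",
    "ifferfsodp9ifjaposdfjhgosurijfaewrwergwea [dot] com",
]

def refang(ioc):
    """Normalise 'name [dot] com' or 'name[.]com' to a lowercase FQDN."""
    name = re.sub(r"\s*\[(?:dot|\.)\]\s*", ".", ioc.strip(), flags=re.I)
    return name.lower().rstrip(".")

KILL_SWITCHES = {refang(d) for d in DEFANGED_IOCS}

def matches_kill_switch(qname):
    """True for a kill-switch domain or any subdomain of one."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in KILL_SWITCHES)

def hosts_querying_kill_switch(log_lines):
    """Map client IP -> kill-switch names it looked up; malformed lines are skipped.
    Assumed log format (hypothetical): '<timestamp> <client_ip> <qname> <qtype>'."""
    hits = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qname, _qtype = parts
        if matches_kill_switch(qname):
            hits[client].append(qname.lower().rstrip("."))
    return dict(hits)

# Constructed sample log; names are built from the list above, IPs are RFC 1918.
FIRST, SECOND = (refang(d) for d in DEFANGED_IOCS)
SAMPLE_LOG = [
    f"2017-05-14T09:01:12Z 10.0.4.17 www.{FIRST}. A",      # subdomain, trailing dot
    "2017-05-14T09:01:13Z 10.0.4.22 example.com. A",       # unrelated lookup
    f"2017-05-14T09:02:40Z 10.0.7.3 {SECOND.upper()} A",   # case-insensitive match
    f"2017-05-14T09:02:41Z 10.0.7.9 not{SECOND} A",        # look-alike, must not match
    "truncated-line",                                      # malformed, skipped
    f"2017-05-14T09:05:02Z 10.0.4.17 {FIRST} A",
]

if __name__ == "__main__":
    for host, names in hosts_querying_kill_switch(SAMPLE_LOG).items():
        print(f"{host}: {len(names)} kill-switch lookup(s)")
```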


  • “The security community has been active all week-end on this to slow down the progression of the attack as much as possible to avoid further damages in institutions like the NHS. The longer we wait for the faster the malware spreads, this is why I’m glad really I was able to register this second domain so quickly to avoid post-pone chaos like we saw with the NHS,” Suiche told HackRead.

Registering the new kill switch is only a temporary solution, and one should expect more new variants of WannaCry ransomware. For now, users are on their own and need to implement emergency security measures to make sure they don’t fall victim to these attacks. Users should do the following:

  1. Do not open an unknown email
  2. Do not download files from an unknown email
  3. Do not click files from an unknown email
  4. Avoid visiting malicious sites
  5. Do not download software and apps from a third-party store/website
  6. Show hidden file extensions
  7. Keep your system updated
  8. Make sure you are using a reputable security suite
  9. Back up your data
  10. Use System Restore to get back to a known-clean state

What should Microsoft users do?

Windows is the most affected operating system in this cyber attack because WannaCry exploits a security flaw in SMB within Windows. Users can disable SMB to protect against WannaCry attacks.

Microsoft has also taken the matter seriously and released an update earlier today that detects this threat as Ransom:Win32/WannaCrypt. In addition, one user on Imgur compiled a “direct download” list of all the patches released by Microsoft.

For more information, visit Microsoft’s blog post on the WannaCry attack and apply the patch as soon as possible. Kudos to the security researchers who are spending all their time protecting users against the WannaCry attack.


Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
