Researcher Finds Kill Switch for new variant of WannaCry Ransomware

Internet users worldwide are now familiar with the WannaCry or WanaCrypt0r ransomware attack and how cybercriminals used it to infect cyber infrastructure of banking giants, hospitals, tech firms and sensitive installation in more than 90 countries.

The users may also know that a British security researcher MalwareTechBlog accidentally discovered the kill switch of WanaCry by registering a domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea com) for just $10.69. The domain registry slowed down the attacks but didn’t stop them entirely

https://twitter.com/hrbrmstr/status/863740208675782656

Soon after, a security researcher from France going by the handle of @benkow_ on Twitter discovered a new variant WanaCrypt0r 2.0 and sent it to Matthieu Suiche for an in-depth analysis who is also an IT security researcher.

Upon analyzing, Suiche successfully discovered its kill switch which was another domain (ifferfsodp9ifjaposdfjhgosurijfaewrwergwea com). According to Suiche’s blog post, he then successfully registered the domain to halt the new and growing wave of cyber attacks through WannaCry ransomware.

https://twitter.com/msuiche/status/863730377642442752

https://twitter.com/msuiche/status/863834717166202882

https://twitter.com/MalwareTechBlog/status/863759471088201728

• “The security community has been active all week-end on this to slow down the progression of the attack as much as possible to avoid further damages in institutions like the NHS. The longer we wait for the faster the malware spreads, this is why I’m glad really I was able to register this second domain so quickly to avoid post-pone chaos like we saw with the NHS,” Suiche told HackRead

Although registering the new kill switch is just a temporary solution; one should expect more new variants of WannaCry ransomware. Therefore, for now, users are on their own and need to implement emergency security measures to make sure they don’t fall victim to these attacks. For this, users need to make sure following things:

1. Do not open an unknown email
2. Do not download files from an unknown email
3. Do not click files from an unknown email
4. Avoid visiting malicious sites
5. Do not download software and apps from a third-party store/website
6. Show hidden file extensions
7. Keep your system updates
8. Make sure you are using a reputable security suite
9. Back up your data
10. Use System Restore to get back to a known-clean state

What should Microsoft users do?

Windows is the most affected operating system in this cyber attack since WannaCry exploits a security flaw in SMB within Windows. The users can simply disable SMB to prevent against WannaCry attacks.

Microsoft has also taken the matter seriously and released an update earlier today which detects this threat as Ransom: Win32/WannaCrypt. However, one user on Imgur compiled a “direct download” list of all the patches released by Microsoft.

For more information visit Microsoft’s blog post on the WanaCry attack, apply patch asap and kudos to the security researchers who are spending all their time to protect users against WannaCry attack.

DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.