An accidental hero has halted the global spread of the 'WannaCry ransomware' that wreaked havoc on various organizations across the globe on Friday, from the UK's National health Service to European telecoms company Telefonica and FedEx of the US.
A cyber security researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and implemented a "kill switch" in the malicious software that was based on a cyber-weapon stolen from the US National Security Agency to strike organisations across the globe, The Guardian reported.
The hardcoded "kill switch" was in the malware system in case the creator wanted to stop it from spreading. The process involved a very long nonsensical domain name that the malware makes a request to - just as if it was looking up any website - and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading, the Guardian reported.
The rapid proliferation of the ransomware was stopped by the accidental hero @malwaretechblog early this morning (Pacific Time).
"They get the accidental hero award of the day," said Proofpoint's Ryan Kalember. "They didn't realize how much it probably slowed down the spread of this ransomware."
But much of the damage has been done in Europe and Asia, where many organizations were affected. But US patched up their systems before they were infected.
The computers that has been infected by the ransomware will not be corrected and there is also a possibility that other variances of the malware with different kill switches will continue to spread.
Attacks then began being reported across many other countries, including Turkey, Vietnam, the Philippines, Japan, the U.S., China, Spain, Italy and Taiwan with the majority of affected computers in Russia.
The computers all appeared to be hit with the same ransomware, and similar ransom messages demanding about $300 to unlock their data, The New York Times reports.
The malware was circulated by email; targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets.
On 14 April ,the malware was made available online through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of "cyber weapons" from the National Security Agency.
Disclaimer: No Business Standard Journalist was involved in creation of this content
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app