Very recently, a 22-year-old accidentally put a halt to a vast number of attacks by the devastating WannaCry ransomware by buying a domain name hidden in the program for about £8.29 (Rs 700 approximately). WannaCry ransomware essentially locks a user out of their computer and demands a ransom paid in Bitcoin to return control. The young analyst, whose identity is still concealed, tweets under the name MalwareTech on Twitter and works for a security firm called Kryptos Logic. He admitted that he had not realized that buying the domain name would have this fortunate effect.
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
— MalwareTech (@MalwareTechBlog) May 13, 2017
He disabled the ransomware attack because the domain name he purchased is believed to have been written into the software by the hackers to act as a kill switch. Each time the program tried to infect a computer, it would try to contact the web page; if that failed, WannaCry would carry on with the attack, but if it succeeded it would stop.
In an interview with the Daily Beast, MalwareTech said he noticed the domain name, a string of nonsensical letters ending in gwea.com, in the code. He saw that the domain wasn’t registered and thought of purchasing it. After buying the domain name, he pointed it to a ‘sinkhole’ server, which is used as a safe place to dump malicious web traffic, hoping simply to get more information about WannaCry.
“Immediately we saw five or six thousand connections a second.” He said that appeared to have stopped large numbers of attacks, but confessed he had done this “completely by accident.” However, he warned that despite this accidental save, people need to remain cautious because the hackers could simply alter the program and carry on making attacks again. “If we did stop it, there’s like a 100 per cent chance they’re going to fire up a new sample and start that one again,” he said.
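Each connection reaching the sinkhole is a WannaCry instance checking the kill-switch domain, so the sinkhole's log shows both the connection rate and which source addresses are running the malware. The sketch below is an added example, not code from MalwareTech or Kryptos Logic; the log format, the sample lines and the domain are constructed placeholders, since the page gives only the ending of the real domain.

```python
from collections import Counter
from datetime import datetime

# Placeholder name: the page quotes only the ending of the real kill-switch domain.
KILLSWITCH_HOST = "killswitch-placeholder.example"

# Constructed sample, assumed format: "<UTC timestamp> <source IP> <requested host>"
SAMPLE_LOG = """\
2017-05-13T10:00:01Z 203.0.113.5 killswitch-placeholder.example
2017-05-13T10:00:01Z 203.0.113.9 killswitch-placeholder.example
2017-05-13T10:00:01Z 198.51.100.7 unrelated.example
2017-05-13T10:00:02Z 203.0.113.5 killswitch-placeholder.example
garbage line
2017-05-13T10:00:02Z 192.0.2.44 KILLSWITCH-PLACEHOLDER.EXAMPLE
2017-05-13T10:00:02Z 192.0.2.45 killswitch-placeholder.example
"""


def summarize_sinkhole(log_text, host=KILLSWITCH_HOST):
    """Count kill-switch check-ins per second and per source address."""
    per_second = Counter()
    per_source = Counter()
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            skipped += 1          # malformed line: count it, do not crash
            continue
        ts, src, req_host = parts
        try:
            second = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            skipped += 1
            continue
        # DNS names are case-insensitive and may carry a trailing dot.
        if req_host.lower().rstrip(".") != host:
            continue              # other traffic hitting the sinkhole
        per_second[second] += 1
        per_source[src] += 1
    return {
        "hits": sum(per_source.values()),
        "peak_per_second": max(per_second.values(), default=0),
        "sources": sorted(per_source),  # addresses to notify or investigate
        "skipped": skipped,
    }


if __name__ == "__main__":
    print(summarize_sinkhole(SAMPLE_LOG))
```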
The WannaCry ransomware spreads by taking advantage of a Windows vulnerability for which Microsoft released a security patch in March. But computers and networks that didn’t update their systems remained at risk. Russia and Britain were among the countries worst hit by the attack. The programme takes control of a user’s system and brings up a message telling users they can recover their files only if they send $300 (which is now believed to have increased to $600) in bitcoins to a specific address.
Up till now, the global cyber-attack has affected more than 200,000 victims in 150 countries, including India. Four computers of two village panchayats in Kerala were hit, at the Thariyode panchayat office in the hilly district of Wayanad. A section of computers of Andhra Pradesh’s police departments was affected too. Computers in 18 police units in Chittoor, Krishna, Guntur, Visakhapatnam and Srikakulam districts were affected.