Global Malware Hack Stopped Accidentally By A 22-Year-Old
In early August 2016 my system was hacked by some ransomware. Well, that was just me, and thank God I had a backup of my data, because I couldn't make the payment demanded by the attackers to unlock my data, so I had to format the system and restore my backup saved on an external hard drive.
I had never experienced something like that until August 2016, when a friend of mine, who was surfing the net with my system under my watch, clicked on a pop-under that triggered the ransomware to encrypt my data within a few seconds and request money to decipher my data. Most of my documents weren't immediately, but as soon as I opened them I got locked out. Their names and file types changed, and it spread to documents of the previous file type to encrypt them too.
That was before Microsoft released a patch (a software update that fixes the problem) for the loophole in March. But those of us who turn off automatic updates (to save on data consumption) are still at risk and vulnerable to attackers. So you will be doing yourself a great deal of good by running a software update and rebooting your system to apply the patch.
What is Ransomware?
Ransomware is a type of malware that encrypts a user's data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called "WanaCrypt0r 2.0", or WannaCry, which exploits a vulnerability in Windows.
Note: As of the time of this post, no patch has been released for users running an operating system like Windows XP. So you might want to upgrade or back up your data.
The ransomware used in Friday's attack wreaked havoc on organizations including FedEx, Telefónica and the UK's National Health Service (NHS), where operations were canceled, X-rays, test results and patient records became unavailable, and phones did not work.
But the spread of the attack was cut off suddenly when a UK cybersecurity researcher known only by his Twitter handle, @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a "kill switch" in the malicious software.
The 22-year-old researcher from south-west England, known as MalwareTech, works for Kryptos Logic, an LA-based threat intelligence company.
According to him: “I was out having lunch with a friend and got back about 3 p.m. and saw an influx of news articles about the NHS and various UK organisations being hit. I had a bit of a look into that and then I found a sample of the malware behind it and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
The kill switch was hard-coded into the malware in case the creator wanted to stop it from spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.
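For defenders, lookups of the kill-switch domain are a useful signal: any internal machine asking for it is probably running the malware, and a machine whose lookup failed got no kill-switch effect at all. The script below is an added example, not code from the researcher or from this post; the domain is a placeholder (the post does not give it), and the log format, sample lines and the use of the DNS response code as a stand-in for "the request came back" are assumptions.

```python
import re
from collections import defaultdict

# Placeholder: this post does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log (format is an assumption):
# <timestamp> client=<ip> query=<name> rcode=<DNS response code>
SAMPLE_LOG = """\
2000-01-01T09:01:12Z client=10.0.4.17 query=killswitch-placeholder.example rcode=NOERROR
2000-01-01T09:01:13Z client=10.0.4.22 query=www.example.org rcode=NOERROR
2000-01-01T09:02:40Z client=10.0.9.5 query=KILLSWITCH-PLACEHOLDER.example. rcode=NXDOMAIN
2000-01-01T09:03:02Z client=10.0.4.17 query=killswitch-placeholder.example rcode=NOERROR
2000-01-01T09:03:30Z client=10.0.9.5 query=killswitch-placeholder.example rcode=SERVFAIL
malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) rcode=(\S+)$")

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: {"lookups": n, "failed": m}} for hosts that queried the domain."""
    target = domain.lower().rstrip(".")
    hosts = defaultdict(lambda: {"lookups": 0, "failed": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, rcode = m.groups()
        if qname.lower().rstrip(".") != target:
            continue  # DNS names are case-insensitive; a trailing dot is the same name
        hosts[client]["lookups"] += 1
        # Anything other than a successful answer means the domain did not look live.
        if rcode.upper() != "NOERROR":
            hosts[client]["failed"] += 1
    return dict(hosts)

def priority_hosts(report):
    """Hosts with at least one failed lookup: the kill switch did not take effect there."""
    return sorted(ip for ip, c in report.items() if c["failed"] > 0)

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip, counts in sorted(report.items()):
        print(ip, counts)
    print("isolate first:", priority_hosts(report))
```

Every host in the report needs cleaning and patching; the ones returned by `priority_hosts` come first, because on those machines nothing stopped the malware from continuing to spread.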
Hope this was helpful to you. Kindly do yourself a favour and run system updates, and share this post to inform your friends to do the same, using any of our share buttons above, after the post title, or below the comment box.