Friday, July 10, 21:05
Home inet WannaCry: Temporary kill switch solution

WannaCry: Temporary kill switch solution

Yesterday, through a series of publications, we announced that we know about the biggest ransomware attack that began on Friday. Using one of NSA's exploits recently leaked by the Shadow Brokers team, attackers could infect computers world-wide with WannaCry (a Windows exploit embedded in NSA's EternalBlue tool).

Microsoft has already released Several updates about this vulnerability, but many users and organizations did not bother updating their systems.WannaCry

The company in front of the devastating effects of the worm that continues to spread, overwhelmed and released updates for Windows XP, Windows (server) 2003 and Windows 8.

Yesterday we also mentioned that in the malware code there was also a disabling switch in the form of a kill switch domain.

What does this mean in simple words? When malware detects that there is a specific domain, it stops infections. This domain was created (registered) earlier today by a researcher, who observed the dot-com in the reverse-engineered binary. When the listing was detected by the malicious software, the ransomware distribution, and its worldwide spread, was immediately stopped.

But let's make it clear what the kill switch does:

The kill switch can not help devices that are already infected and locked with WannaCry.

By registering the domain and then moving it to a server environment that is meant to record and keep the sinkhole MalwareTech essentially bought time for systems that are not already infected.

"Fortunately, MalwareTech had the infrastructure to create a sinkhole," said Darien Huss, senior security research engineer at Proofpoint Security Company.

"If someone had bought the doamin and was not prepared then we would see too many infections right now."

If the installation did not have enough space and the server did not have enough bandwidth, the malware would not be trapped and would not be self-destructing.

Let's add that the discovery of MalwareTech is not a permanent solution. All it takes to get started again is a new WannaCry executive whose code will block the kill switch or use a more sophisticated URL generator instead of a static IP address.

However, the discovery of MalwareTech has helped slow down the process.

We hope that with so many security analysts who observe and analyze the behavior of WannaCry malware with reverse engineering, someone else will eventually find a more permanent disabling solution. Every minute counts ....


Please enter your comment!
Please enter your name here

In a world without fences and walls, who needs Gates and Windows


Sony: Invest $ 250 Million in Fortnite Epic Games!

Sony has made an investment of $ 250 million to acquire a 1,4% stake in Epic Games, ...

C-Data FTTH OLT devices contain backdoors

Serious vulnerabilities and backdoors were discovered by two security researchers in the firmware of 29 FTTH OLT devices, the popular equipment provider C-Data.

Spotify, Pinterest and Tinder are "crashing" because of D. Facebook

Popular applications and services, such as Spotify, Pinterest and Tinder, have cracked iOS devices ....

Technology and Teachers: What Do Experts Appreciate?

Too many educators around the world have struggled to adopt the technological tools in the midst of the pandemic to deliver lessons ...

COVID-19 apps: Virus detection applications violate privacy

COVID-19 apps: Beware, they violate private privacy Virus detection applications violate private privacy by recording more data than they need, setting ...

Debian 8 “Jessie”: Another version in End-of-life stage

After a long support of Debian 8 "Jessie", the development team of the operating system announced that it stops ...

Conti ransomware: Is it the successor to Ryuk ransomware?

Conti ransomware is a new threat targeting corporate networks. Its advanced capabilities allow it ...

Smartwatch tracker that helps vulnerable people can be hacked

Researchers have uncovered a number of serious security issues in a smartwatch tracker used in applications, including services designed for ...

WhatsApp: QR codes help you communicate with businesses

Facebook's messaging service, WhatsApp, has introduced two new features to help businesses ...

Zoom: Works to correct zero-day vulnerability

Zoom teleconferencing software works to fix a zero-day vulnerability revealed by the security company ...