
Tag: Ransomware

UK Security Researcher Pulls Handbrake on Global Ransomware Menace

A U.K.-based cyber researcher known as MalwareTech stopped the WannaCry ransomware that gained control of thousands of computers worldwide, forcing victims to pay $300 in bitcoin to restore their files.

WannaCry was able to exploit a Windows vulnerability leaked in April and use a hacking tool believed to be stolen from the National Security Agency (NSA).

The ransomware spread across 75,000 PCs, including 48 hospitals in the U.K.

Accidental Fix

MalwareTech discovered an unregistered domain name in WannaCry's code and purchased it for $10.69. The researcher then pointed the domain at a sinkhole (a server that receives and analyzes malware traffic). The domain turned out to be a kill switch that enables someone to gain control of the ransomware.

The domain was intended to remain unregistered, MalwareTech noted. By registering it, MalwareTech prevented the malware's subsequent actions.

The domain check is tied to “sandboxing,” the practice by which security tools test code in an isolated environment on a PC. The address MalwareTech registered was contacted by all infected PCs, not just the sandboxed ones.

The domain was meant as an “anti-sandbox” measure that the malware's authors didn’t think through sufficiently, MalwareTech said.

Cisco Talos and other security firms confirmed the malware attack ended thanks to MalwareTech’s actions. Computers already infected, however, could still be at risk.
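Because every infected machine looks up the kill-switch domain before deciding whether to run, a record of which hosts queried it is effectively a list of infected hosts. The following added example (not from the article, and not MalwareTech's sinkhole code) shows how a defender could scan their own DNS resolver logs for that lookup; the domain name and the BIND-style log lines are constructed placeholders, since the article does not give the real domain.

```python
import re
from collections import defaultdict

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log lines (BIND-style "client ... query:" format assumed).
SAMPLE_LOG = """\
13-May-2017 10:02:11.512 client 10.1.4.23#51234: query: www.example.org IN A +
13-May-2017 10:02:13.004 client 10.1.4.23#51240: query: killswitch-placeholder.example IN A +
13-May-2017 10:02:13.900 client 10.1.7.9#40100: query: killswitch-placeholder.example IN A +
13-May-2017 10:02:15.120 client 10.1.4.23#51255: query: killswitch-placeholder.example IN A +
13-May-2017 10:02:20.000 client 10.1.2.2#33333: query: mail.example.org IN MX +
13-May-2017 10:03:01.777 client 10.1.9.14#60000: query: KillSwitch-Placeholder.example. IN A +
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_line(line):
    """Return (timestamp, client_ip, qname) for a resolver log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Normalise the name: lower-case and drop a trailing dot (DNS names are case-insensitive).
    qname = m.group("qname").lower().rstrip(".")
    return m.group("ts"), m.group("ip"), qname


def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client IP that looked up the kill-switch domain to its lookup timestamps.

    Any host on this list ran the malware far enough to reach the domain check, whether
    or not the kill switch then stopped it, so each one needs patching and investigation.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, qname = parsed
        if qname == domain.lower():
            hits[ip].append(ts)
    return dict(hits)


if __name__ == "__main__":
    for ip, times in sorted(find_kill_switch_lookups(SAMPLE_LOG).items()):
        print(f"{ip}: {len(times)} lookup(s), first at {times[0]}")
```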

Shadow Brokers Behind The Hack?

Talos said the malware was leaked by the Shadow Brokers, a hacking group believed to have dumped NSA hacking tools.

Talos said the attackers try to install WannaCry by means of DoublePulsar, a backdoor leaked by the Shadow Brokers. If the backdoor is not already present on a target Windows PC, the malware tries to exploit a flaw in Microsoft's Server Message Block (SMB), a network file-sharing protocol.

Victims have been told not to pay the $300 ransom.

Microsoft and anti-virus providers have introduced WannaCry detections.

Microsoft issued an advisory that it is releasing a patch for Windows XP machines that are out of support, and it is recommending that companies disable the SMBv1 protocol.

Up-to-date Windows machines are safe from the ransomware.

Rob Wainwright, head of Europol and Europe’s chief law enforcement official, told the media he is concerned the number of victims could grow when people turn on their machines Monday morning.

A researcher at Proofpoint, Darien Huss, first discovered MalwareTech’s sinkhole was stopping the spread of the malware.

Based on how the kill switch was deployed, Huss agreed that the actors involved are amateurs. He said it is likely another attack will be coming soon.

Nearly $53k in bitcoin ransoms paid with WannaCry

Other Ransomware Versions Can Pose Risks

MalwareTech noted on Twitter that Version 1 was stoppable but Version 2 will likely remove the flaw.

The researcher claimed on Twitter to be providing the National Cyber Security Centre in the U.K. data to notify infected companies.

On Monday, MalwareTech advised people via Twitter that they are at risk if they turn on a system that lacks the MS17-010 patch and has TCP port 445 open.

MalwareTech, who did not reveal their gender, did not wish to be celebrated as a hero for stemming the spread of the malware. MalwareTech noted on Twitter that they wanted anonymity in order not to have to deal with journalists.

David Ogden
Entrepreneur

By Lester Coleman

Alan Zibluk Markethive Founding Member