Researcher finds 'kill switch' for cyberattack ransomeware

May 13, 2017 by Kate Bartlett
A cybersecurity researcher appears to have discovered a "kill switch" that can prevent the spread of the WannaCry ransomware—for now—that has caused the cyberattacks wreaking havoc globally

A cybersecurity researcher appears to have discovered a "kill switch" that can prevent the spread of the WannaCry ransomware—for now—that has caused the cyberattacks wreaking havoc globally, they told AFP Saturday.

The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.

"Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading," @MalwareTechBlog told AFP in a private message on Twitter.

The researcher warned however that people "need to update their systems ASAP" to avoid attack.

"The crisis isn't over, they can always change the code and try again," @MalwareTechBlog said.

Friday's wave of cyberattacks, which affected dozens of countries, apparently exploited a flaw exposed in documents leaked from the US National Security Agency.

The attacks used a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin.

Affected by the onslaught were computer networks at hospitals in Britain, Russia's interior ministry, the Spanish telecom giant Telefonica and the US delivery firm FedEx and many other organisations.

French carmaker Renault also announced it was attacked. A spokeswoman said the company was "doing what is needed to counter this attack."

"I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental," @MalwareTechBlog tweeted.

Ransomware: how hackers take your data hostage

Unfortunately however, computers already affected will not be helped by the solution.

"So long as the domain isn't revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again."

The malware's name is WCry, but analysts were also using variants such as WannaCry.

Forcepoint Security Labs said in a Friday statement that the attack had "global scope" and was affecting networks in Australia, Belgium, France, Germany, Italy and Mexico.

In the United States, FedEx acknowledged it had been hit by malware and was "implementing remediation steps as quickly as possible."

Also badly hit was Britain's National Health Service, which declared a "major incident" after the attack, which forced some hospitals to divert ambulances and scrap operations.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!"

It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.

A hacking group called Shadow Brokers released the in April claiming to have discovered the flaw from the NSA, according to Kaspersky Lab, a Russian cybersecurity provider.

Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries as of Friday evening.

Explore further: Alarm grows over global ransomware attacks

Related Stories

Alarm grows over global ransomware attacks

May 12, 2017

Security experts expressed alarm Friday over a fast-moving wave of cyberattacks around the world that appeared to exploit a flaw exposed in documents leaked from the US National Security Agency.

Explainer: What is ransomware?

May 13, 2017

Computers across the world were locked up Friday and users' files held for ransom when dozens of countries were hit in a cyber-extortion attack that targeted hospitals, companies and government agencies.

Recommended for you

Archaeologists discover Incan tomb in Peru

February 16, 2019

Peruvian archaeologists discovered an Incan tomb in the north of the country where an elite member of the pre-Columbian empire was buried, one of the investigators announced Friday.

Where is the universe hiding its missing mass?

February 15, 2019

Astronomers have spent decades looking for something that sounds like it would be hard to miss: about a third of the "normal" matter in the Universe. New results from NASA's Chandra X-ray Observatory may have helped them ...

What rising seas mean for local economies

February 15, 2019

Impacts from climate change are not always easy to see. But for many local businesses in coastal communities across the United States, the evidence is right outside their doors—or in their parking lots.

The friendly extortioner takes it all

February 15, 2019

Cooperating with other people makes many things easier. However, competition is also a characteristic aspect of our society. In their struggle for contracts and positions, people have to be more successful than their competitors ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.