Title: 22 year old discovers wannacry ransomware kill switch by accident Post by: Hydrogen on May 13, 2017, 10:00:34 PM Quote A 22-year-old cybersecurity analyst accidentally shut down vast numbers of attacks by the devastating WannaCry ransomware by buying a domain name hidden in the program for about £8.29. The domain name is believed to have been written into the software by the hackers to act as a kill switch. Each time the program tried to infect a computer, it would try to contact the webpage. If it failed, WannaCry would carry on with the attack, but if it succeeded it would stop. The analyst, who tweets as MalwareTech and works for Kryptos Logic, a security firm, admitted he had not realised that buying the domain name, for just $10.69, would have this fortunate effect. http://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-ransomware-wannacry-accidentally-discovers-kill-switch-domain-name-gwea-a7733866.html With WannaCry being in the major news, what do people think of this? Was it too easy to shut down this malware? Should such a thing be suspicious? Title: Re: 22 year old discovers wannacry ransomware kill switch by accident Post by: achow101 on May 13, 2017, 10:09:24 PM With WannaCry being in the major news, what do people think of this? Read what the guy himself says about it: https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.htmlWas it too easy to shut down this malware? Should such a thing be suspicious? Basically, he thinks that it was just a very poorly written anti-sandboxing thing. Title: Re: 22 year old discovers wannacry ransomware kill switch by accident Post by: pearlmen on May 13, 2017, 10:17:05 PM If that is the case, I wouldn't believe such thing because it just does not add up that a system built to siphone such amount of fund will just be taken down with little or no effort at all will be a mystery that is yet to be solved. Its just like someone arguing sometimes in the past few days about trying to know the wallet that contained Satoshi's stash then I ask myself will he be so foolish to have made it so obvious for anyone to see it if he could build something anonymous as bitcoin.
Title: Re: 22 year old discovers wannacry ransomware kill switch by accident Post by: SneakWulf on May 13, 2017, 10:32:01 PM Quote A 22-year-old cybersecurity analyst accidentally shut down vast numbers of attacks by the devastating WannaCry ransomware by buying a domain name hidden in the program for about £8.29. The domain name is believed to have been written into the software by the hackers to act as a kill switch. Each time the program tried to infect a computer, it would try to contact the webpage. If it failed, WannaCry would carry on with the attack, but if it succeeded it would stop. The analyst, who tweets as MalwareTech and works for Kryptos Logic, a security firm, admitted he had not realised that buying the domain name, for just $10.69, would have this fortunate effect. http://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-ransomware-wannacry-accidentally-discovers-kill-switch-domain-name-gwea-a7733866.html With WannaCry being in the major news, what do people think of this? Was it too easy to shut down this malware? Should such a thing be suspicious? sure, i love how media said that it is "accidentally". 1. crazy spread all over internet (even hitting cloud server) 2. reverse engineering the malware in only 24-36 hours after spread. but i don't know, maybe he is just the right guy on the right place at the right moment Title: Re: 22 year old discovers wannacry ransomware kill switch by accident Post by: rytyr on May 13, 2017, 10:37:12 PM Quote A 22-year-old cybersecurity analyst accidentally shut down vast numbers of attacks by the devastating WannaCry ransomware by buying a domain name hidden in the program for about £8.29. The domain name is believed to have been written into the software by the hackers to act as a kill switch. Each time the program tried to infect a computer, it would try to contact the webpage. If it failed, WannaCry would carry on with the attack, but if it succeeded it would stop. The analyst, who twets as MalwareTech and works for Kryptos Logic, a security firm, admitted he had not realised that buying the domain name, for just $10.69, would have this fortunate effect. http://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-ransomware-wannacry-accidentally-discovers-kill-switch-domain-name-gwea-a7733866.html With WannaCry being in the major news, what do people think of this? Was it too easy to shut down this malware? Should such a thing be suspicious? It was an ISP call center in russia I believe. Title: Re: 22 year old discovers wannacry ransomware kill switch by accident Post by: Marma Kalari on May 13, 2017, 11:01:55 PM I am hearing about this for the first time and on reading it looks like the hacker was a noob since it was not properly written and so is the reason it had a kill switch but the good thing is Microsoft released a patch for their unsupported operating systems which is really cool.
Title: Re: 22 year old discovers wannacry ransomware kill switch by accident Post by: rekinthis on May 13, 2017, 11:05:35 PM Quote A 22-year-old cybersecurity analyst accidentally shut down vast numbers of attacks by the devastating WannaCry ransomware by buying a domain name hidden in the program for about £8.29. The domain name is believed to have been written into the software by the hackers to act as a kill switch. Each time the program tried to infect a computer, it would try to contact the webpage. If it failed, WannaCry would carry on with the attack, but if it succeeded it would stop. The analyst, who tweets as MalwareTech and works for Kryptos Logic, a security firm, admitted he had not realised that buying the domain name, for just $10.69, would have this fortunate effect. http://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-ransomware-wannacry-accidentally-discovers-kill-switch-domain-name-gwea-a7733866.html With WannaCry being in the major news, what do people think of this? Was it too easy to shut down this malware? Should such a thing be suspicious? Title: Re: 22 year old discovers wannacry ransomware kill switch by accident Post by: achow101 on May 13, 2017, 11:16:11 PM sure, i love how media said that it is "accidentally". Because it was accidental. The guy got his hands on a sample of the virus and began analyzing it. When he saw that it was making requests for a specific domain, as per standard procedure, he looked up the domain. He registered and sinkholed it when he saw that it was available, without knowing what that would do. Malware analysts will sinkhole unregistered domains as soon as they can so that, at the very least, they can track how widespread the malware is. Only later do they do other stuff with the domain and figure out what the malware is doing. The accidental part is that he did not realize that sinkholing that domain would prevent new infections from occurring.1. crazy spread all over internet (even hitting cloud server) 2. reverse engineering the malware in only 24-36 hours after spread. but i don't know, maybe he is just the right guy on the right place at the right moment Title: Re: 22 year old discovers wannacry ransomware kill switch by accident Post by: digaran on May 14, 2017, 12:17:30 AM I heard some companies are using metals to manufacture guns which are to kill people, lets ban metal mining and discard them from our lives.
I don't see their price going down nor their related businesses destroyed. If you are a woman, you could get married or you could sell your body. It's entirely up to individuals how to use everything. Saying Bitcoin price going down because of this is absurd, anyways I don't see Wu shutting bitmain down and turning off all the antminers for this lol. Title: Re: 22 year old discovers wannacry ransomware kill switch by accident Post by: bankpower on May 14, 2017, 12:24:27 AM No suspects but this shows one thing - how systems are insecure. World population must be aware of this computers rule our world and we need to take care of our computers, companies must be diligent and offer support and training for IT security, Microsoft and friends need to care about patches and updates even for older systems because the world we live in depends on these systems.
Title: Re: 22 year old discovers wannacry ransomware kill switch by accident Post by: pixie85 on May 14, 2017, 12:27:50 AM He should now set up a project funding campaign to get back his £8 with interest. Just a thought, I'd say his work is worth a tip.
It's just another small step in the endless battle, as there will always be gaps in new software and people ready to abuse them. |