Topic: 22 year old discovers WannaCry ransomware kill switch by accident
Hydrogen (OP)
May 13, 2017, 10:00:34 PM
 #1

Quote
A 22-year-old cybersecurity analyst accidentally shut down vast numbers of attacks by the devastating WannaCry ransomware by buying a domain name hidden in the program for about £8.29.

The domain name is believed to have been written into the software by the hackers to act as a kill switch.

Each time the program tried to infect a computer, it would try to contact the webpage. If it failed, WannaCry would carry on with the attack, but if it succeeded it would stop.

The analyst, who tweets as MalwareTech and works for Kryptos Logic, a security firm, admitted he had not realised that buying the domain name, for just $10.69, would have this fortunate effect.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-ransomware-wannacry-accidentally-discovers-kill-switch-domain-name-gwea-a7733866.html

With WannaCry being in the major news, what do people think of this?

Was it too easy to shut down this malware? Should such a thing be suspicious?
achow101
May 13, 2017, 10:09:24 PM
 #2

Quote
With WannaCry being in the major news, what do people think of this?

Was it too easy to shut down this malware? Should such a thing be suspicious?

Read what the guy himself says about it: https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

Basically, he thinks that it was just a very poorly written anti-sandboxing thing.

pearlmen
May 13, 2017, 10:17:05 PM
 #3

If that is the case, I wouldn't believe such a thing, because it just does not add up that a system built to siphon such an amount of funds will just be taken down with little or no effort at all; it will be a mystery that is yet to be solved. It's just like someone arguing sometime in the past few days about trying to know the wallet that contained Satoshi's stash; then I ask myself, will he be so foolish as to have made it so obvious for anyone to see it if he could build something as anonymous as bitcoin?
SneakWulf
May 13, 2017, 10:32:01 PM
 #4

Quote
A 22-year-old cybersecurity analyst accidentally shut down vast numbers of attacks by the devastating WannaCry ransomware by buying a domain name hidden in the program for about £8.29.

The domain name is believed to have been written into the software by the hackers to act as a kill switch.

Each time the program tried to infect a computer, it would try to contact the webpage. If it failed, WannaCry would carry on with the attack, but if it succeeded it would stop.

The analyst, who tweets as MalwareTech and works for Kryptos Logic, a security firm, admitted he had not realised that buying the domain name, for just $10.69, would have this fortunate effect.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-ransomware-wannacry-accidentally-discovers-kill-switch-domain-name-gwea-a7733866.html

With WannaCry being in the major news, what do people think of this?

Was it too easy to shut down this malware? Should such a thing be suspicious?

sure, I love how the media said that it is "accidentally".

1. crazy spread all over the internet (even hitting cloud servers)
2. reverse engineering the malware in only 24-36 hours after the spread.

but I don't know, maybe he is just the right guy in the right place at the right moment
rytyr
May 13, 2017, 10:37:12 PM
 #5

Quote
A 22-year-old cybersecurity analyst accidentally shut down vast numbers of attacks by the devastating WannaCry ransomware by buying a domain name hidden in the program for about £8.29.

The domain name is believed to have been written into the software by the hackers to act as a kill switch.

Each time the program tried to infect a computer, it would try to contact the webpage. If it failed, WannaCry would carry on with the attack, but if it succeeded it would stop.

The analyst, who tweets as MalwareTech and works for Kryptos Logic, a security firm, admitted he had not realised that buying the domain name, for just $10.69, would have this fortunate effect.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-ransomware-wannacry-accidentally-discovers-kill-switch-domain-name-gwea-a7733866.html

With WannaCry being in the major news, what do people think of this?

Was it too easy to shut down this malware? Should such a thing be suspicious?

One of the companies did say they successfully thwarted the attempts on their network of computers.
It was an ISP call center in Russia, I believe.
Marma Kalari
May 13, 2017, 11:01:55 PM
 #6

I am hearing about this for the first time, and on reading it, it looks like the hacker was a noob since it was not properly written, and so that is the reason it had a kill switch. But the good thing is Microsoft released a patch for their unsupported operating systems, which is really cool.

rekinthis
May 13, 2017, 11:05:35 PM
 #7

Quote
A 22-year-old cybersecurity analyst accidentally shut down vast numbers of attacks by the devastating WannaCry ransomware by buying a domain name hidden in the program for about £8.29.

The domain name is believed to have been written into the software by the hackers to act as a kill switch.

Each time the program tried to infect a computer, it would try to contact the webpage. If it failed, WannaCry would carry on with the attack, but if it succeeded it would stop.

The analyst, who tweets as MalwareTech and works for Kryptos Logic, a security firm, admitted he had not realised that buying the domain name, for just $10.69, would have this fortunate effect.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-ransomware-wannacry-accidentally-discovers-kill-switch-domain-name-gwea-a7733866.html

With WannaCry being in the major news, what do people think of this?

Was it too easy to shut down this malware? Should such a thing be suspicious?

Say what you want, at the very best outcome it is just ridiculous that it caused so much trouble for countries all over the world, and all that time it could have been dealt with in such an easy way. But taking into consideration that the programmers who are working for the countries are pretty decent, it is highly suspicious that such stuff happens. It always could be some kind of an inside job. The virus required bitcoins as far as I read; could it be just a poorly made virus to make bitcoin's reputation go down when its price went so high up? Could it be just another try to destroy bitcoins? I mean, of course it is very unlikely, but still, you never know...

 
achow101
May 13, 2017, 11:16:11 PM
 #8

Quote
sure, I love how the media said that it is "accidentally".

1. crazy spread all over the internet (even hitting cloud servers)
2. reverse engineering the malware in only 24-36 hours after the spread.

but I don't know, maybe he is just the right guy in the right place at the right moment

Because it was accidental. The guy got his hands on a sample of the virus and began analyzing it. When he saw that it was making requests for a specific domain, as per standard procedure, he looked up the domain. He registered and sinkholed it when he saw that it was available, without knowing what that would do. Malware analysts will sinkhole unregistered domains as soon as they can so that, at the very least, they can track how widespread the malware is. Only later do they do other stuff with the domain and figure out what the malware is doing. The accidental part is that he did not realize that sinkholing that domain would prevent new infections from occurring.
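
The tracking use of a sinkhole described in the post above, as an added example that is not part of the original thread: it counts distinct sources contacting a sinkholed domain and how many new ones appear each hour. The log format, the domain `killswitch.example` and every address are constructed placeholders.

```python
import re
from datetime import datetime

# Constructed sample of sinkhole web-server log lines:
# timestamp, source IP, Host header, request line. Nothing here is real data.
SAMPLE_LOG = """\
2017-05-12T15:08:11Z 192.0.2.10 killswitch.example "GET / HTTP/1.1"
2017-05-12T15:09:40Z 192.0.2.10 killswitch.example "GET / HTTP/1.1"
2017-05-12T15:31:02Z 198.51.100.7 killswitch.example "GET / HTTP/1.1"
2017-05-12T16:02:55Z 203.0.113.44 killswitch.example "GET / HTTP/1.1"
2017-05-12T16:03:10Z 203.0.113.45 other-site.example "GET /index.html HTTP/1.1"
2017-05-12T16:40:19Z 198.51.100.7 killswitch.example "GET / HTTP/1.1"
2017-05-12T16:41:00Z 203.0.113.90 KILLSWITCH.example "GET / HTTP/1.1"
this line is truncated garbage
"""

LINE_RE = re.compile(r'^(\S+)\s+(\S+)\s+(\S+)\s+"([^"]*)"$')

def summarize_sinkhole(log_text, sinkhole_domain):
    """Return (hits, first_seen, new_per_hour, skipped) for one sinkholed domain."""
    hits = 0
    skipped = 0
    first_seen = {}  # source IP -> first time it contacted the sinkhole
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # malformed line: count it, do not guess
            continue
        ts, src, host, _request = m.groups()
        # Host names are case-insensitive and may carry a trailing dot.
        if host.lower().rstrip(".") != sinkhole_domain.lower():
            continue
        hits += 1
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        if src not in first_seen or when < first_seen[src]:
            first_seen[src] = when
    # Distinct source IPs only approximate infected hosts (NAT, DHCP churn).
    new_per_hour = {}
    for when in sorted(first_seen.values()):
        bucket = when.strftime("%Y-%m-%d %H:00")
        new_per_hour[bucket] = new_per_hour.get(bucket, 0) + 1
    return hits, first_seen, new_per_hour, skipped

if __name__ == "__main__":
    hits, seen, per_hour, skipped = summarize_sinkhole(SAMPLE_LOG, "killswitch.example")
    print(f"{hits} requests, {len(seen)} distinct sources, {skipped} lines skipped")
    for hour, count in per_hour.items():
        print(f"{hour}  new sources: {count}")
```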

digaran
May 14, 2017, 12:17:30 AM
 #9

I heard some companies are using metals to manufacture guns which are to kill people, let's ban metal mining and discard them from our lives.

I don't see their price going down nor their related businesses destroyed.

If you are a woman, you could get married or you could sell your body.

It's entirely up to individuals how to use everything.

Saying the Bitcoin price is going down because of this is absurd; anyway, I don't see Wu shutting Bitmain down and turning off all the Antminers for this lol.

bankpower
May 14, 2017, 12:24:27 AM
 #10

No suspects, but this shows one thing: how insecure systems are. The world population must be aware of this: computers rule our world and we need to take care of our computers. Companies must be diligent and offer support and training for IT security, and Microsoft and friends need to care about patches and updates even for older systems, because the world we live in depends on these systems.
pixie85
May 14, 2017, 12:27:50 AM
 #11

He should now set up a project funding campaign to get back his £8 with interest. Just a thought, I'd say his work is worth a tip.
It's just another small step in the endless battle, as there will always be gaps in new software and people ready to abuse them.