The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.
The ransomware used in Friday’s attack wreaked havoc on organisations including FedEx and Telefónica, as well as the UK’s National Health Service (NHS), where operations were cancelled, X-rays, test results and patient records became unavailable and phones did not work.
But the spread of the attack was brought to a sudden halt when one UK cyber security researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.
https://www.youtube.com/watch?v=mfELw3A5gCE
Theresa May: ‘This is not targeted at the NHS, it’s an international attack’ – video
The kill switch won’t help anyone whose computer is already infected with the ransomware, and it’s possible that there are other variants of the malware with different kill switches that will continue to spread.
The malware was made available online on 14 April through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA).
Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.
The ransomware demands users pay $300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.
“This was eminently predictable in lots of ways,” said Kalember. “As soon as the Shadow Brokers dump came out everyone [in the security industry] realised that a lot of people wouldn’t be able to install a patch, especially if they used an operating system like Windows XP [which many NHS computers still use], for which there is no patch.”
Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 74 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.
By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.