It’s all about “WannaCry”, which attacked over 74,000 computers in 74 countries as of Friday last week (the new number is 200,000 computers in 150 countries). The scariest news came over the weekend, when we were all asked to brace for bigger ransomware attacks by Monday, so if you went to work today fearing your computer could be subject to this massive attack, you’re not alone. Now it looks like the worst of that storm is over, and while you still need to be vigilant, the attacks are being scaled back. Just how did this happen?
We’re told that a 22-year-old UK researcher known as “MalwareTech”, whose gender is not known, published a blog post on Saturday showing just how they became the hero who accidentally scaled back the spread of WannaCry.
How they did it
They discovered an unregistered domain name in WannaCry and, after buying it, pointed it to something known as a sinkhole, or better put, a server that gives false information about a domain name in order to prevent the use of that domain name. DNS sinkholes are used to block malware and botnets by redirecting the malware away from its intended target. This domain, which MalwareTech had bought, was actually the answer to stopping WannaCry.
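The sinkhole idea described above, seen from the defender's side, as an added example that is not code from MalwareTech or from the original article: a resolver policy that hands out a false answer for listed domains, and a pass over DNS query logs to find the machines that asked for them. The sinkhole address, the domain names (placeholders, since the article does not give the real one), the log format and the function names are all assumptions.

```python
from collections import defaultdict

# Assumed values for illustration: a documentation-range sinkhole address and
# placeholder domains (the real WannaCry domain is not given in the article).
SINKHOLE_IP = "192.0.2.53"
SINKHOLED = {"sinkholed-placeholder.example", "botnet-c2.example"}

# Constructed stand-in for the answers a real upstream resolver would give.
UPSTREAM = {"intranet.corp.example": "10.0.0.10"}

def normalize(name):
    """Lower-case a query name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def is_sinkholed(name):
    """True if the name or any parent domain is on the sinkhole list."""
    labels = normalize(name).split(".")
    # Compare whole labels so "notbotnet-c2.example" does not match.
    return any(".".join(labels[i:]) in SINKHOLED for i in range(len(labels)))

def resolve(name):
    """Return (answer, sinkholed): listed domains get the false answer."""
    if is_sinkholed(name):
        return SINKHOLE_IP, True
    return UPSTREAM.get(normalize(name)), False

def infected_candidates(log_lines):
    """Map client IP -> sinkholed names it queried.

    Assumed log format: "<timestamp> <client-ip> <query-name>".
    """
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing
        _, client, qname = parts
        if resolve(qname)[1]:
            hits[client].add(normalize(qname))
    return dict(hits)

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "2017-05-15T09:00:01 10.0.0.21 intranet.corp.example",
    "2017-05-15T09:00:04 10.0.0.37 Sinkholed-Placeholder.example.",
    "2017-05-15T09:00:09 10.0.0.37 www.botnet-c2.example",
    "2017-05-15T09:00:12 10.0.0.44 notbotnet-c2.example",
    "garbled line",
]
```

Calling `infected_candidates(SAMPLE_LOG)` returns only 10.0.0.37, the one client that asked for listed names and so is the machine to investigate first.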
Sample I found scans SMB after dropping WannaCrypt. Can anyone confirm it's the same thing? P2P spreading ransomware would be significant. pic.twitter.com/zs5Td4ovvL — MalwareTech (@MalwareTechBlog) May 12, 2017
That said, ransomware like WannaCry could come in other versions, and MalwareTech have not come up with a permanent solution for those, only for the current version, which has attacked hundreds of thousands of computers so far.
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP. — MalwareTech (@MalwareTechBlog) May 14, 2017
Microsoft has issued a patch for the MS17-010 flaw and expects that organisations will comply. In most cases, all you have to do is update your Windows software and that’s it. If you have set your updates to manual, go and carry out this update and all should be well.
Authorities in Europe expect another attack exploiting this flaw in the near future.
But MalwareTech say they are not a hero even though online comments say something different.