The spread of WannaCry ransomware has been slowed simply by registering a domain name


Right now everyone is writing something about the WannaCry ransomware, often providing conflicting or even misleading information.

So if you want more information about the infection, take a look at the links in the ‘References’ section at the bottom of the article. Here I want to tell you the story of the researcher who unknowingly saved the world from a poor-quality ransomware, and from the users who do not install security patches on their systems.


Once executed, the WannaCry ransomware does not infect the system immediately: reverse engineers found that the dropper first tries to connect to a domain, which was initially unregistered:

http://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

If the connection to the above-mentioned domain fails, the dropper proceeds to infect the system and starts encrypting files.

However, if the connection is successful, the dropper does not infect the system with the WannaCry ransomware module: the real purpose of this switch is actually unknown.
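For defenders, the check described above leaves a trace in DNS logs. The following is an added example, not code from the article or from MalwareTech: it triages resolver logs for lookups of the kill-switch domain and ranks the clients whose lookups never resolved. The log format (`timestamp client qname rcode`), the addresses and the timestamps are constructed assumptions.

```python
from collections import defaultdict

# Kill-switch domain exactly as the article gives it (defanged).
DEFANGED = "www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com"

def refang(indicator):
    """Turn a defanged indicator into a hostname that can be matched."""
    return indicator.replace("[.]", ".").lower().rstrip(".")

def triage(log_lines, indicator=DEFANGED):
    """Count kill-switch lookups per client as {"resolved": n, "failed": n}.

    A failed lookup means the dropper's connection could not succeed, so by
    the article's description that run went on to infect the host. A resolved
    lookup is necessary for the connection to succeed, not proof that it did.
    """
    target = refang(indicator)
    hits = defaultdict(lambda: {"resolved": 0, "failed": 0})
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or foreign line
        _ts, client, qname, rcode = parts
        if qname.lower().rstrip(".") != target:
            continue  # unrelated query
        hits[client]["resolved" if rcode.upper() == "NOERROR" else "failed"] += 1
    return dict(hits)

def priority(hits):
    """Clients that never resolved the domain first, then by lookup volume."""
    return sorted(hits, key=lambda c: (hits[c]["resolved"] > 0,
                                       -sum(hits[c].values()), c))

# Constructed sample log (hypothetical format: timestamp client qname rcode).
KS = refang(DEFANGED)
SAMPLE_LOG = [
    f"2017-05-13T08:01:02Z 10.0.4.21 {KS}. NXDOMAIN",
    f"2017-05-13T08:01:09Z 10.0.4.21 {KS.upper()}. NXDOMAIN",
    f"2017-05-13T08:03:40Z 10.0.4.37 {KS}. NOERROR",
    f"2017-05-13T08:04:00Z 10.0.4.50 {KS}. SERVFAIL",
    f"2017-05-13T08:04:05Z 10.0.4.50 {KS}. NOERROR",
    "2017-05-13T08:05:00Z 10.0.4.21 example.com. NOERROR",
    "truncated line",
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for client in priority(hits):
        print(client, hits[client])
```

Any client that appears in the result is a host to examine, whatever the response code. Because a failed connection is what lets the dropper proceed, this domain should stay reachable from inside the network rather than being blocked at the resolver or proxy.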


Suddenly, an unwitting hero takes the stage!


A security researcher, tweeting as MalwareTech, registered the strange domain for just £10 and accidentally triggered the “kill switch” that can prevent the spread of the WannaCry ransomware, at least for now:

[embed]https://twitter.com/MalwareTechBlog/status/863187104716685312[/embed]
[embed]https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html[/embed]

Obviously, the response by the cybersecurity community has been enthusiastic:

https://twitter.com/darienhuss/status/863083680528576512/photo/1
[embed]https://twitter.com/secitup/status/863201489170214912[/embed]
[embed]https://twitter.com/johnmcl69/status/863258078610833410[/embed]
[embed]https://twitter.com/0xDUDE/status/863350424807645185[/embed]
[embed]https://twitter.com/xxDigiPxx/status/863258646058332160[/embed]
[embed]https://twitter.com/UID_/status/863316781099872256[/embed]
[embed]https://twitter.com/charlesbdb/status/863379644925530113[/embed]

Good job, MalwareTech!


References

[embed]https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html[/embed]