After the WannaCry ransomware took the computer world by surprise, there is a lot to be said. It goes way back to April, when a hacker group called “Shadow Brokers” hacked a tool called ‘Eternal Blue’ from America’s military investigation organization, the NSA, and dumped it online in order to make some money out of it. As reported, this tool is used by the NSA to get full access to any of Microsoft’s software. Clearly, Edward Snowden has got pissed off again about the very thing he fled to Japan to make a confession about.
As of yesterday, the ransomware was responsible for shutting down computers at many national-level organizations, such as the National Health Service, along with many hospitals in England. And now, after an anonymous British blogger found a way to stop it, the attackers are back with a newer version after updating their code.
Here’s everything else that you need to know about the WannaCry ransomware.
Now here’s the interesting part about what happened yesterday.
Recently, a blogger from England accidentally halted the spread of the ransomware. But even though it is halted for now, the attackers could come up with new code and keep it running. He stumbled upon a kill switch in the malicious software that he could try.
According to him, when he heard the news about this ransomware, he just wanted to dig in and explore it. Eventually, he found that the malware was connecting to a specific domain, which was not registered. Almost by accident, he bought that domain, which cost him only $10.69, and he was getting thousands of connections per minute after he bought it.
Basically, this domain, which we call the ‘kill switch’, was built into the malware in case the creator wanted to stop the whole mess. When the malware makes a request to that domain and the domain is alive, the kill switch is triggered and the spreading comes to a halt. All of this seems to have been set up by the creator.
As for his identity, he has decided to stay anonymous and tweets only through the Twitter account @MalwareTechBlog, saying that they are working against some bad guys who won’t be happy after learning his identity.
He also said, “This is not over. The attackers will realize how we stopped it, they’ll change the code and then they’ll start again. Enable Windows Update, update and then reboot.”
And exactly as he said, they came up with newer code that connects to a different domain. Well, here’s the twist: Matthieu Suiche, a security researcher, bought that domain, and unfortunately this time it didn’t stop the software from spreading.
Costin Raiu from Kaspersky Labs says that this new version of the WannaCry ransomware was created without the ‘kill switch’, as they call it, and that it was developed by someone else rather than the hackers who were behind it initially. He made these statements after his team had done some research and analyzed the samples.
For now, it seems this can’t be stopped that easily, not without WannaCry spreading to at least a few thousand more computers.
Now, all you’ve got to do is install your OS updates and disable SMB 1.0 File Sharing Support. Here’s how to disable SMB 1.0 File Sharing Support.
- Open “Windows Features” on your Windows computer
- Scroll down and uncheck SMB
- And restart your computer
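
The same change can be made and verified from an elevated PowerShell prompt. This is an added example, not part of the original article; it assumes a client edition of Windows 8.1 or later, where the optional feature is named `SMB1Protocol` and the SMB server cmdlets are available.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): report whether SMB 1.0 is enabled,
# disable it, and show the state again.
# Assumption: client Windows 8.1 or later, feature name 'SMB1Protocol'.

function Get-Smb1State {
    # State of the optional feature that the "Windows Features" dialog toggles.
    $feature = try {
        Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -ErrorAction Stop
    } catch { $null }
    # Whether the SMB server service still accepts SMB1 connections.
    $server = try { Get-SmbServerConfiguration -ErrorAction Stop } catch { $null }

    [pscustomobject]@{
        FeatureState      = if ($feature) { [string]$feature.State } else { 'NotPresent' }
        ServerSmb1Enabled = if ($server)  { [bool]$server.EnableSMB1Protocol } else { $null }
    }
}

$before = Get-Smb1State
$restartNeeded = $false

# 'Enabled' and 'EnablePending' both mean the feature is active after the next boot.
if ($before.FeatureState -like 'Enable*') {
    $result = Disable-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -NoRestart
    $restartNeeded = [bool]$result.RestartNeeded
}

# Turn SMB1 off in the running server service as well; this part needs no reboot.
if ($before.ServerSmb1Enabled) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# Report the state before and after so the change can be confirmed.
$after = Get-Smb1State
[pscustomobject]@{
    FeatureBefore = $before.FeatureState
    FeatureAfter  = $after.FeatureState
    ServerBefore  = $before.ServerSmb1Enabled
    ServerAfter   = $after.ServerSmb1Enabled
    RestartNeeded = $restartNeeded
} | Format-List
```

A `FeatureAfter` value of `DisablePending` means the feature is switched off once the computer has been restarted, which is the last step of the list above.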
As per the current updates, it is reported to have spread to 150 countries, leaving 200,000 computers infected.