“An ‘accidental hero’ has halted the global spread of the WannaCry ransomware that has wreaked havoc on organizations…” writes The Guardian. An anonymous reader quotes their report:
A cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and implemented a “kill switch” in the malicious software that was based on a cyber-weapon stolen from the NSA. The kill switch was hardcoded into the malware in case the creator wanted to stop it from spreading. This involved a very long nonsensical domain name that the malware makes a request to — just as if it was looking up any website — and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. Of course, this relies on the creator of the malware registering the specific domain. In this case, the creator failed to do this. And @malwaretechblog did early Friday morning (Pacific Time), stopping the rapid proliferation of the ransomware.
They also tweeted a map from the New York Times showing that registering that domain provided more time for U.S. sites to patch their systems. Friday night they added “IP addresses from our [DNS] sinkhole have been sent to FBI and ShadowServer so affected organizations should get a notification soon. Patch ASAP.”
Read more of this story at Slashdot.