Global Ransomware Attack stopped by Hero with a $10.69 Purchase

On Friday the world was struck by an unprecedented ransomware cyberattack infecting over 230,000 computer systems across 150 countries (and counting).

The “accidental hero” who halted the global spread of an unprecedented ransomware attack simply registered (for $10.69) a garbled domain name he discovered hidden in the malware.

The global attack was brought to a sudden halt when a UK cybersecurity researcher with the Twitter handle @malwaretechblog found and inadvertently activated a “kill switch” in the malicious software.

“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organizations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
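The kill switch works because every infected machine first tries to resolve that domain, so once the domain is registered and its traffic logged, the lookups themselves become an infection indicator for defenders. As an added example (not from the article or the researcher), this Python script scans constructed DNS query-log lines for a placeholder kill-switch domain and reports which internal hosts attempted the lookup; the domain name and the BIND-style log format are assumptions.

```python
import re
from collections import defaultdict

# Placeholder: the article does not name the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-domain.example"

# Constructed sample log lines in a BIND-style query-log format (assumed).
SAMPLE_LOG = """\
12-May-2017 14:02:11.120 client 10.0.3.14#53211: query: www.example.org IN A +
12-May-2017 14:02:12.338 client 10.0.3.27#49152: query: killswitch-domain.example IN A +
12-May-2017 14:02:12.901 client 10.0.3.14#53215: query: mail.example.org IN MX +
12-May-2017 14:02:13.450 client 10.0.3.27#49153: query: killswitch-domain.example IN A +
12-May-2017 14:02:14.002 client 10.0.4.8#40011: query: KILLSWITCH-DOMAIN.EXAMPLE. IN A +
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_line(line):
    """Return (timestamp, client_ip, qname) or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Normalise case and the trailing dot of a fully-qualified name so that
    # variant spellings of the same domain compare equal.
    qname = m.group("qname").rstrip(".").lower()
    return m.group("ts"), m.group("ip"), qname


def find_killswitch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client IP that queried the kill-switch domain to its query timestamps."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, qname = parsed
        if qname == domain:
            hits[ip].append(ts)
    return dict(hits)


if __name__ == "__main__":
    for ip, times in sorted(find_killswitch_lookups(SAMPLE_LOG).items()):
        print(f"{ip}: {len(times)} kill-switch lookup(s), first at {times[0]}")
```

Hosts that appear in the output should be isolated and checked for the ransomware, since a lookup of the kill-switch domain means the malware reached the point where it tests the domain before encrypting.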

Dubbed “WannaCry,” the ransomware gains control of a victim’s system and then encrypts most of its key data. A ransom note then appears on the victim’s screen indicating they have three days to pay US$300 in bitcoin.

The ransomware used in Friday’s attack wreaked havoc on organizations including FedEx and Telefónica, as well as the UK’s National Health Service (NHS), where operations were cancelled, X-rays, test results and patient records became unavailable, and phones did not work.

Microsoft flagged the vulnerability and released a patch to fix it a month before the hackers publicly released the exploit data, but a major problem remained. While the security patch covered Windows Vista, 7 and 8.1, Microsoft had ceased support cycles for earlier versions of their popular operating system, including the still widely used Windows XP.

It was here that the WannaCry exploit made its largest impact. Scores of major companies around the world still operate on older Windows systems. NHS hospitals in Britain were hit by the malware; French carmaker Renault was forced to stop production at several sites; ATMs in China went offline; and 18 police units in India had their records frozen.

Security researchers with Kaspersky Lab in Moscow have recorded more than 45,000 attacks in 74 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.

By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to the security researchers at Malware Hunter Team. The Russian interior ministry said about 1,000 of its computers had been affected.

Hooks Systems’ IT RemoteCare service provides several levels of protection against malware attacks:

  • We maintain a robust hardware firewall for every client that blocks most intrusion attempts.
  • Windows Updates are applied to every computer so that it runs the latest software releases.
  • We apply the latest Microsoft security patches for each discovered vulnerability.
  • We set up regular, scheduled auto-scans of your systems for any malicious programs.
  • By migrating our clients to cloud-based Office 365 at Microsoft, we ensure that all outgoing and incoming emails are scanned for malicious attachments.
  • In the event that a malware attack does get past all of the levels of protection, we can restore our client’s data from their most recent backup.
  • Hooks Systems has configured a continuous backup of each client’s data.

Source: The Guardian, WSJ