A 22-year-old British IT expert who goes by the username MalwareTechblog just saved the world. He prefers to remain anonymous.
“It just doesn’t make sense to give out my personal information, obviously we’re working against bad guys and they’re not going to be happy about this.”
So what happened?
The cyber expert MalwareTechblog was on a week off from his job and was having lunch with a friend when news of the cyber-attack broke. When he arrived home and learned of the situation, he set to work and inadvertently halted the malware. He found a loophole in the code and took the chance to stop the virus.
“It was a bit ‘red and blue wire’ thing – but more fumbling about trying to figure out if the registering of the domain caused the infections or stopped them.”
MalwareTechblog paid $10 to register the domain name the virus connects to. When it infects a new computer, its traffic is redirected to a ‘sinkhole’ in Los Angeles. This ‘kill switch’ stopped the spread of the ransomware that wreaked havoc on the NHS.
“It should have been really nice but someone had made a mistake and told me that our registering of the domain actually caused the infection… When I found out that it was actually the opposite it was more a relief…. Rather than a feeling of ‘yes, we’ve done this’ – it was like ‘oh god, I haven’t f***** up the world, so that’s really great’.”
But despite the virus having been halted, the computer security expert warned that the world faces a fresh cyber-attack from a group of hackers who are trying to undermine the fix so the virus can resume.
“Obviously they haven’t actually been successful, but had they been that would actually be quite a serious thing and it wouldn’t really be something to laugh about.”
MalwareTechblog revealed that he has been in touch with the government’s National Cyber Security Centre (NCSC).
“The crisis isn’t over, they can always change the code and try again.”
What is ransomware?
This attack used a piece of malicious software called “Wanna Crypt0r 2.0” or WannaCry, which exploits a vulnerability in Windows. This type of malware is known as ransomware, and it spreads through email. It locks the user’s files until they pay a specified sum via the digital currency Bitcoin. Pictures posted on social media show computer screens displaying a demand for $300 in Bitcoin. Payment must be made within three days or the price doubles; failure to send the money within seven days results in the files being deleted. Above the image were the words, “Oops, Your files have been encrypted!” The ransom message was also translated into 28 languages, indicating that the attackers intended to reach victims around the world.
Who is behind the attack?
The hacking group called Shadow Brokers claimed to have stolen a cache of ‘cyber weapons’ from the US National Security Agency, and it is believed that the same group released the malware in April. National Crime Agency (NCA) investigators are working with NCSC experts to track down the person or people behind the virus.
“This was a large-scale attack, but we are working closely with law enforcement partners and industry experts in the UK and overseas to support victims and identify the perpetrators… Cyber criminals may believe they are anonymous but we will use all the tools at our disposal to bring them to justice… Victims of cybercrime should report directly to Action Fraud. We encourage the public not to pay the ransom demand,” Deputy Director of NCA, Oliver Gower said.
Who was affected?
The worldwide attack was unprecedented. Six hospitals remained affected by the malware, with 42 others slowly returning to normal. Many had cancelled operations and advised patients ‘to steer clear of A&E departments’. From NHS hospitals, the ransomware extended to a Nissan factory in Sunderland, hospital computer systems in Britain, Russia’s interior ministry, Spanish telecom giant Telefonica, US delivery firm FedEx, and banks as well as transport services in other nations. In a statement, Forcepoint Security Labs said the attack had a ‘global scope’ and was affecting networks in Australia, Belgium, France, Germany, Italy, and Mexico.
Microsoft also promptly changed its policy and announced that it will release free security fixes for older Windows systems, which are still used by many.
In total, 130,000 systems in 100 countries were affected by the wave of cyber-attacks.
How to protect yourself from ransomware?
“The people who’re already infected, there’s not really much you can do. You can potentially pay the ransom but I don’t know if this one will decrypt the files yet,” MalwareTechblog states.
Vulnerable users need to update their systems as soon as possible to avoid new attacks. Organizations also need to ensure that their security and anti-virus software is up to date and that important data is backed up.