Here’s How A Security Researcher Accidentally Stopped WanaCrypt0r Ransomware

Earlier this year the hacking group ‘The Shadow Brokers’ decided to give away, for free, the hacking tools that were stolen from the NSA. The tools can be used to hack computers running Microsoft Windows.

The malicious software WanaCryptor 2.0, which is also known as WCry, is now being used to carry out one of the biggest ransomware attacks of its kind.

Recently a 22-year-old researcher from @MalwareTechBlog discovered a ‘kill switch’ that can disable all the functionality of the Wanacrypt0r 2.0 ransomware. The ransomware attempts to connect to an unregistered domain after operating on a victim’s computer.

If the connection takes place, the ransomware closes itself and also stops spreading. That means that as long as the domain was unregistered and inactive, the ransomware kept spreading.

The researcher bought the domain for $10.69. Once the domain went live after the purchase, the whole thing shut down: when the code pinged that domain, it turned out to be purchased, and the ransomware deactivated.

The researcher claimed that ‘a bit of analysis’ led him to the discovery of the domain. However, finding the kill switch was accidental. So, eventually, he pulled the plug without even realizing it.
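
As an added example (not from the original article or the researcher), here is one way a defender could use the kill-switch behaviour described above to triage DNS logs: any host that looked up the domain ran the ransomware, and whether the lookup resolved indicates whether the kill switch could fire. The domain is a placeholder because the article does not name it, the log layout and sample lines are constructed, and treating a resolved lookup as a successful connection is an assumption.

```python
import re
from collections import defaultdict

# Placeholder: the article does not give the kill-switch domain; substitute the real one.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample log in a hypothetical "time client query rcode" layout.
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 www.example.org NOERROR
2017-05-12T09:14:09Z 10.0.4.23 killswitch-placeholder.example NXDOMAIN
2017-05-12T15:40:51Z 10.0.4.23 killswitch-placeholder.example NOERROR
2017-05-12T15:41:10Z 10.0.7.88 KillSwitch-Placeholder.example. NOERROR
2017-05-12T15:42:33Z 10.0.9.5 killswitch-placeholder.example SERVFAIL
malformed line
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the domain to 'dormant' or 'active'.

    'active'  : at least one lookup failed, so the connection the ransomware
                attempts could not happen and it would have kept running.
    'dormant' : every lookup resolved, so the ransomware should have closed itself.
    Both states mean the host executed the ransomware and needs investigation.
    """
    domain = domain.lower().rstrip(".")
    outcomes = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        _ts, client, query, rcode = m.groups()
        # DNS names are case-insensitive and may carry a trailing root dot.
        if query.lower().rstrip(".") == domain:
            outcomes[client].append(rcode == "NOERROR")
    return {c: "dormant" if all(r) else "active" for c, r in outcomes.items()}


if __name__ == "__main__":
    for client, state in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}\t{state}")
```

Hosts reported as active are the first priority for isolation, since the kill switch never had the chance to stop them.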
