Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker! HDBits.org, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!



Results 1 to 2 of 2
Like Tree3Likes
  • 2 Post By Tulim
  • 1 Post By pgrillo

Thread: Researcher Accidently Stopped Massive WanaCrypt0r Ransomware

  1. 05-14-2017 #1
    Tulim
    Guest Tulim's Avatar

    Researcher Accidently Stopped Massive WanaCrypt0r Ransomware

    Security researcher from MalwareTech was able to halt the viral WanaCrypt0r ransomware while studying about the same. He registered an unregistered URL in the payload, and it turned out to be a kill switch to spread the malware. The URL might have been a command and control server or an intentional kill switch. Notably, WanaCrypt0r ransomware was spreading using a vulnerability disclosed by NSA records.

    As a result of a new ransomware attack which gained traction in European countries and Russia, thousands of computers across the world were crippled. If you are still unaware of this scary rampage. Once infected, a computer denied access to the user’s files and asked for a ransom of about $300 in bitcoin.

    The impact of the ransomware can be measured by the fact Microsoft released a rate and urgent patch for Windows XP (which is unsupported since 2004) to help protect the XP machines. But, thanks to a security researcher at MalwareTech, the pace of the attack was slowed down.
    Accidental WanaCrypt0r Kill Switch

    While working with WanaCrypt0r, MalwareTech found that the notorious coders of ransomware created it to find if a certain random URL led to a live web page. It turns out that as long as the domain was unregistered and inactive, the ransomware kept spreading.

    To check the same and analyzing the traffic, MalwareTech bought the domain for $10.69. As soon as the URL went live, the whole thing shut down. Now, when the code pinged that domain, it turned out to be registered and the ransomware would not activate.

    I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.

    — MalwareTech (@MalwareTechBlog) May 13, 2017
    This way, MalwareTech pulled the plug without even realizing. It should be noted that it doesn’t help the affected people, but it stops WanaCrypt0r from spreading further.

    In another development, it’s being reported that the second version of the ransomware, i.e., WannaCry 2.0, is spreading. We’ll be soon telling you more about the same.



    [fossBytes]
    CC1x and jimmy7 like this.
    Reply With Quote Reply With Quote
  2. 05-14-2017 #2
    pgrillo
    pgrillo is offline
    User pgrillo's Avatar
    Reputation Points
    110
    Reputation Power
    28
    Join Date
    Dec 2016
    Posts
    34
    Time Online
    1 d 9 h 28 m
    Avg. Time Online
    N/A
    Mentioned
    5 Post(s)
    Quoted
    5 Post(s)
    Liked
    8 times
    Feedbacks
    0
    Unfortunately, the kill switch won't be there anymore for 2.0 version. The question is why this kill switch was even there in the first place? It does not seem as a normal practice
    Tulim likes this.
    Reply With Quote Reply With Quote

« Previous Thread | Next Thread »

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

All times are GMT +1. The time now is 10:45 PM.
Powered by vBulletin® Version 4.2.2
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.