Today, May 14th, the “Tops News Headlines” section of the CBC website has the following headline on top: “More people could be hit by global ‘ransomware’ cyberattack Monday, police agency warns”.
Do the CBC reporters not read news from other sources? Consider the following news item which was on the BBC website yesterday.
Global cyber-attack: Security blogger halts ransomware ‘by accident’
Yes, this particular cyberattack is over. For some background, here are some relevant tweets, in chronological order, from the Twitter feed @MalwareTechBlog. This Twitter handle is registered to the guy who accidentally stopped this cyberattack.
From what I can gather the NHS ransomware is WannaCrypt (wcry) spreading using P2P exploitation of SMB with leaked NSA exploit.
Some analysts are suggesting by sinkholing the domain we stopped the infection? Can anyone confirm?
MalwareTech Retweeted
#WannaCry propagation payload contains previously unregistered domain, execution fails now that domain has been sinkholed
MalwareTech Retweeted
Infections for WannaCry/WanaDecrpt0r are down due to @MalwareTechBlog registering initial C2 domain leading to kill-switch #AccidentalHero
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.
MalwareTech @MalwareTechBlog 3 hours ago
Thanks to @benkow_ who found what looks like a new ‘kill switch’ domain and @msuiche who registered it and transferred it to our sinkhole.
MalwareTech Retweeted
My bad – finished analyzing all #Wannacry worm mods we have and they all have the kill switch inside. No version without a kill-switch yet.
Yes, CBC, you read that right. This “particular strain” of the cyberattack is over because the malware checks for the domain name and, now that the domain has been registered and sinkholed, execution fails. A new cyberattack will require different code that doesn’t rely on checking the status of this domain name. You should have known this two days ago.
It is strange that after every Ottawa Senators playoff game this season, CBC has been able to find “8 tweets that defined Game….”, but the reporters cannot find tweets relevant to other news.