IT Support | 203.913.1073 | info@tsdnetworks.com | Mon-Fri 8am-6 pm

TSD Networks provides computer tech support & cyber security in Connecticut and surrounding areas in Fairfield and New Haven Counties. If you have questions about IT support, computer repairs, or tech support in Connecticut, please call the experienced IT Professionals team at TSD Networks at 203-913-1073 or click here to schedule your free network & pricing consultation.

LONDON — An anonymous malware researcher inadvertently helped stop the spread of a global cyberattack that hit at least 150 countries.

The 22-year-old researcher, who goes by the name MalwareTech, has become an internet hero for their efforts to stem the spread of the WannaCry ransomware. MalwareTech, who is based in the U.K., did not disclose their identity or gender to CNN. MalwareTech published a blog post early Saturday morning detailing how they stopped the spread of this ransomware.

The ransomware took control of computers around the world and required owners to pay hundreds of dollars to get their files back. It took advantage of a Windows vulnerability leaked in April and the hacking tool is believed to belong to the NSA.

MalwareTech found an unregistered domain name in the ransomware and bought it for $10.69. Then, they pointed the domain to a sinkhole, or a server that collects and analyzes malware traffic. What they didn’t realize was that the domain — a random assortment of letters — was actually a kill switch, a way for someone to take control of the ransomware.

While the researcher is being lauded online for helping to prevent a more widespread outbreak, MalwareTech doesn’t consider themselves a hero.

“I just [think] don’t that what I did was that significant,” MalwareTech told CNN in an email. “And as of now I’ve had a fair bit of thanks from different people which is really appreciated, but no job offers which is nice as I’m happy where I am.”

“We found out that the domain was supposed to be unregistered and the malware was counting on this, thus by registering it we inadvertently stopped any subsequent infections,” they told CNN.

However, this only stops one version of WannaCry. There are different versions of the ransomware that do not contact that particular domain and can still spread, so it is possible for computers to get infected. Windows machines that are up-to-date are safe from this ransomware.

“At the moment, we’re in the face of an escalating threat, the numbers are going up,” Europe’s top law enforcement official Rob Wainwright told ITV’s Peston on Sunday program. “I’m worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning,” the director of Europol added.

Darien Huss, a researcher at security firm Proofpoint, first noticed that MalwareTech’s sinkhole was preventing the ransomware from spreading.

“It seems a lot like the actors responsible for this are fairly amateur because of the implementation that they used for the kill switch,” Huss told CNN. “It was very easy for someone other than themselves to activate the kill switch.”

Huss says it is very likely we will see another attack using the exploit, even as early as Monday.

Source: Fox 61 News

If you have questions about your IT environment please call me for a brief discussion and free consultation. You can reach me at 203-913-1073 or schedule a call here.