17:59 GMT, 22 September 2020

    A security researcher has accidentally activated a "kill switch" to stop the spread of what the cyber community dubbed the largest global ransomware attack in history. But the threat is not yet eliminated.

    Cyber criminals on Friday used malicious software to exploit a flaw in Windows operating systems and infect hundreds of thousands of computers worldwide with a fast-spreading version of WannaCry ransomware.

    The vicious cyberattack swept across the globe Saturday, hitting computers in nearly 100 countries, with Russia and the UK being among the most affected. It locked up critical systems of several high-profile organizations, such as Britain's National Health Service (NHS), Russian telecom company Megafon, Spain's largest telephone company, and international shipper FedEx. It also attacked other systems, among them those of the Russian Interior Ministry, but was contained there.

    The number of new infections substantially dropped on Saturday after a security researcher, tweeting as @MalwareTechBlog, registered a domain name connected to the malware, thus discovering a secret "kill switch" that can prevent the malware from spreading.

    "We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain," said Vikram Thakur, principal research manager at Symantec, as cited by Deutsche Welle.

    Unfortunately, the solution won't help fix systems already infected by the malware.

    @MalwareTechBlog has also warned in a tweet that even though the breakthrough halted the unfolding epidemic, more attacks may soon follow. The researcher explained that the attackers may still rewrite the code and relaunch the cycle, and urged everyone to promptly patch their systems.

    WannaCry's mechanism of operation is believed to have originally been exposed in US National Security Agency (NSA) documents dumped in April by a hacking group calling itself Shadow Brokers.

    Ransomware operates like a digital blackmail scheme. It slips into a system and locks it up by encrypting files and data. Then a red screen pops up, saying, "Ooops, your files have been encrypted" and demanding that the user pay hundreds of dollars in the virtual currency Bitcoin or else the information will be deleted. The extortionists behind WannaCry have reportedly received about 100 payments from victims.

    It is unclear from which country the ransomware attack was run and whether it was launched by a group of hackers or an individual.

    Microsoft said it released Windows updates to defend against WannaCry in March, but many users and organizations hadn't updated their systems accordingly.
