A 22-year-old researcher, code-named “MalwareTech”, was responsible for temporarily halting (if not stopping) the now infamous ransomware virus. The researcher, who works for Kryptos Logic, an LA-based threat intelligence company, activated a “kill switch” which had been included in the malware by its originator, although not intentionally. “I was out having lunch with a friend and got back about 3 pm and saw an influx of news articles about the NHS and various UK organizations being hit,” he said. “I had a bit of a look into that, and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
Across the ocean, Darien Huss, a 28-year-old research engineer for the cyber security firm Proofpoint, was doing his own analysis. According to him, he noticed a feature (termed a kill switch) which the authors of the WannaCry malware had intentionally left in, in case they wanted to stop the malware. Huss then shared the kill switch on Twitter. MalwareTech and Huss, like many others, are part of a large global cyber security community which works independently or for a few cyber security companies, constantly watching for attacks and working together to stop or prevent them, often sharing information via Twitter. It’s not uncommon for them to use aliases, either to protect themselves from retaliatory attacks or for privacy.
Soon Huss and MalwareTech were communicating about what they’d found: that registering the domain name and redirecting the attacks to the server of Kryptos Logic, the security firm MalwareTech worked for, had activated the kill switch, halting the ransomware’s infections and creating what’s called a “sinkhole.” Kaspersky and Avast, two cyber security firms, have identified the malware in more than 70 countries, with Russia the hardest hit. The real originator is not known.
One of the biggest and most calamitous pieces of malware to hit the cyber world at a global level, the ransomware has now affected well-known companies such as FedEx, Telefonica and the UK’s National Health Service, along with many big names in the business world.
The kill switch was embedded in the malware in case the creator wanted to stop it spreading. He also said that, along with his colleagues, he is collecting the Internet Protocol (IP) addresses and sending them to cyber law enforcement agencies, which will help with mass communication and awareness.
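The sinkhole described above works because every infected host performs the same kill-switch lookup; once the domain is registered, each of those lookups lands on the sinkhole, so its logs amount to a list of hosts that ran the malware. The script below is an added example, not code from the article, from Kryptos Logic or from Proofpoint; it shows how a defender would turn such DNS or sinkhole log lines into a per-host report of the kind that can be passed to law enforcement or internal responders. The log format, the `killswitch-domain.example` placeholder (the article does not give the real domain) and the sample lines are all constructed.

```python
import re
from datetime import datetime

# Placeholder for the kill-switch domain; the real one is not named in the article.
KILLSWITCH_DOMAIN = "killswitch-domain.example"

# Constructed sample log in a simplified "<timestamp> <source-ip> <qtype> <qname>" format.
# This is not real sinkhole telemetry; the IPs come from documentation ranges.
SAMPLE_LOG = """\
2017-05-12T15:02:11Z 203.0.113.10 A killswitch-domain.example
2017-05-12T15:02:12Z 198.51.100.7 A www.example.org
2017-05-12T15:03:40Z 203.0.113.10 A killswitch-domain.example
2017-05-12T15:04:05Z 192.0.2.55 A killswitch-domain.example
2017-05-12T15:05:00Z 198.51.100.7 A killswitch-domain.example
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<qtype>\w+)\s+(?P<qname>\S+)$"
)


def parse_line(line):
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": m["src"],
        # Normalise the name so trailing dots or mixed case do not hide a hit.
        "qname": m["qname"].lower().rstrip("."),
    }


def sinkhole_hits(log_text, domain=KILLSWITCH_DOMAIN):
    """Aggregate queries for the kill-switch domain by source IP.

    Returns {src_ip: {"count", "first_seen", "last_seen"}}. Each source IP
    that appears here performed the kill-switch check, i.e. ran the sample.
    """
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["qname"] != domain:
            continue
        entry = hits.setdefault(
            rec["src"], {"count": 0, "first_seen": rec["ts"], "last_seen": rec["ts"]}
        )
        entry["count"] += 1
        entry["first_seen"] = min(entry["first_seen"], rec["ts"])
        entry["last_seen"] = max(entry["last_seen"], rec["ts"])
    return hits


def report(hits):
    """Render the aggregate as tab-separated lines, earliest sighting first."""
    lines = []
    for src, e in sorted(hits.items(), key=lambda kv: kv[1]["first_seen"]):
        lines.append(
            f"{src}\tqueries={e['count']}"
            f"\tfirst={e['first_seen'].isoformat()}"
            f"\tlast={e['last_seen'].isoformat()}"
        )
    return lines


if __name__ == "__main__":
    for line in report(sinkhole_hits(SAMPLE_LOG)):
        print(line)
```

A host appearing in this report has executed the malware and reached the kill-switch check; after the domain was registered that check succeeds and the sample stops, so the report identifies machines that need cleanup rather than machines that were necessarily encrypted. The same aggregation can be run on an organisation's own resolver logs, which lets a defender spot affected hosts without depending on the sinkhole operator.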
Ransomware is a type of malware which encrypts a user’s data, locking it, and then demands a ransom to release it (hence the name). This malware is known as “WanaCryptor 2.0” or “WannaCry,” and it targets the Microsoft Windows platform. Once a machine is infected, the ransomware demands $300 worth of Bitcoin (a cryptocurrency). The malware largely spreads through emails, and the accidental hero has warned that this security breach is not yet over: the criminals can change the code and start the attack again, so be careful the next time you click on something in your email.