Computer systems across the world were hit by a major ransomware attack over the weekend. WannaCry, as it was called, targeted both end users and corporate servers, locking them down and extorting an unlock fee from the victims. The malware used a vulnerability in Windows to spread the infection among unpatched systems.
Although Microsoft issued an emergency patch for Windows XP, the action came too late to stem the tide of infections across the globe. Interestingly, that first wave was broken by a single white hat hacker.
While WannaCry was causing havoc in the tech world, the 22-year-old was busy studying the code responsible for the worldwide panic, in an effort to understand it. What he noticed in his research was that WannaCry contained a set of instructions directing it to check a gibberish URL after infecting a system. Curious to see why it was doing that, Hutchins went ahead and registered the domain name mentioned in the code for around $10. That little bit of curiosity bought security researchers valuable time, as it killed off the malware’s ability to infect other systems.
Most experts believe the initial infections of WannaCry ransomware were carried out by phishing attacks through emails, or by exploiting a network security hole. After that, the malware was capable of spreading itself by exploiting the vulnerability in Microsoft’s Windows.
However, it looks like the malware’s creators had programmed a “kill switch” into it, in case they ever needed to quickly deactivate the infection. That’s why WannaCry kept checking the bogus URL each time it infected a new computer. The idea was that, as long as the URL wasn’t a live page, the infection would continue.
The moment Hutchins registered the domain, it stopped the malware’s ability to spread. That was a huge relief to security researchers, even if the infected systems still remained on lockdown. It gave people valuable time to update and patch security vulnerabilities, especially in the US, where WannaCry had yet to penetrate effectively before the kill switch was found. Hutchins’ actions may have saved thousands of people from being the next victims of the malware.
Unfortunately, that next wave is already here. It didn’t take long after Hutchins’ discovery for newer versions of WannaCry to show up online, all lacking the safety kill switch their predecessor had. Of course, cybersecurity researchers are also hard at work, attempting to track down where WannaCry originated. Patching holes and updating security is well and good, but the only way to stop people from being victimised by malware they aren’t familiar with is to catch the perpetrators and stop the infection at the source.