How an accidental “kill switch” slowed Friday’s massive ransomware attack

Source: Wired

“Amid a desperate situation Friday in which hundred of thousands of ransomware attacks pelted computers in nearly 100 countries, one stroke of good fortune hit, too. As the malware analysis expert who calls himself MalwareTech rushed to examine the so-called WannaCry strain, he stumbled on a way to stop it from locking computers and slow its spread. All it took was ten bucks, and a little luck. WannaCry swept Europe and Asia quickly yesterday, locking up critical systems like the UK’s National Health Service, a large telecom in Spain, and other businesses and institutions around the world, all in record time. Once infected, a victim’s computer denies access, and instead displays a message that demands the equivalent of around $300 in bitcoin. … As he worked to reverse-engineer samples of WannaCry on Friday, MalwareTech discovered that the ransomware’s programmers had built it to check whether a certain gibberish URL led to a live web page. Curious why the ransomware would look for that domain, MalwareTech registered it himself. As it turns out, that $10.69 investment was enough to shut the whole thing down — for now, at least.” (05/13/17)