Looks Like WannaCry Has Been Halted

[Ketchup]

Hutchins said he stumbled across the solution when he was analyzing a sample of the malicious code and noticed it was linked to an unregistered web address. He promptly registered the domain, something he regularly does to discover ways to track or stop cyber threats, and found that stopped the worm from spreading.

http://www.nbcnews.com/storyline/ha...-wannacry-cyberattack-bedroom-compter-n759931

Some great work here. Let's hope it has been truly halted. If so, his work may be able to assist in the discovery of ways to stop future attacks more quickly.

 

[HutchinsonJC]

It's a temporary stop gap at best.

Odds are fairly good that an entirely new version of the malware without this particular kill switch has already been attempted to be sent out through the night.

The real fix is the windows update.

 

[C1]

http://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html

- You could also just proceed to disable NetBios & Port 445

But this whole thing looks simply like a leaked copy from NSA's stash of malware collected from around the world. Very remindful of captures of classified info from Hillary's closet server except in this case it was leaked to Wiki by contractor(s).

 

[HutchinsonJC]

Yeah, I can't help but throw blame at the NSA's feet. #1) They should have reported the flaw to Microsoft and #2) They couldn't contain their knowledge or tools of the flaw and it ended up in public domain.

 

[Elixer]

http://www.nbcnews.com/storyline/ha...-wannacry-cyberattack-bedroom-compter-n759931

Some great work here. Let's hope it has been truly halted. If so, his work may be able to assist in the discovery of ways to stop future attacks more quickly.

Erm, no, that was just the "feel good story" of the day, there have already been new versions that don't have a "kill-switch".

Then there are the other guys, that installed crypto mining software, and THEY patched SMB, so, they wouldn't be nailed by wannacry.

Yeah, I can't help but throw blame at the NSA's feet. #1) They should have reported the flaw to Microsoft and #2) They couldn't contain their knowledge or tools of the flaw and it ended up in public domain.

How do you know they didn't once the exploits went out? Remember, this was patched back in March.
*edit, yeah, pretty much confirmed it was the NSA that notified MS to patch ASAP.

"The agency eventually warned Microsoft after learning about EternalBlue's theft, allowing the company to prepare a software patch issued in March."

https://arstechnica.com/security/20...leak-nsa-reported-critical-flaw-to-microsoft/

 

[Red Squirrel]

It's interesting the coder would have used something like this as a kill switch. Seems to me it would make it possible to trace who wrote and distributed it. I would have been hesitant to register that domain myself in case authorities think I'm the one that made the virus. But it's also a genius kill switch since it would work almost right away. An alternative that would be harder to track would be to release another virus into the wild the same way that one was released but it would have to spread again and it would take a while before it starts to kill the first one.

It almost sounds like fun to write viruses tbh. Like not because of the destruction, but just seeing how fast it can spread and stuff.

 

[XSoldier77X]

Check out that link Elixir shared from Github over some other post here.

It almost sounds like fun to write viruses tbh. Like not because of the destruction, but just seeing how fast it can spread and stuff.

I wish coke's campaigns were as viral.