
duncang

(1,907 posts)
Sat May 13, 2017, 05:56 AM

'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack

Source: The Guardian

An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.

The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software.

The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

Read more: https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack?CMP=share_btn_tw

'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack (Original Post) duncang May 2017 OP
K&R murielm99 May 2017 #1
More from DW nitpicker May 2017 #2
I don't understand why they would be so specific to inform the perpetrators how they neutralized it still_one May 2017 #3
I'm pretty sure the perpetrators would know how it was stopped OnlinePoker May 2017 #4
Precisely so, the first thing they would do. L. Coyote May 2017 #8
This, then, sounds more like a test run or proof of concept. Next time, no "kill switch". Augiedog May 2017 #5
One of the worries duncang May 2017 #7
Our office has been getting a bunch of these phishing emails. Dustlawyer May 2017 #6
I almost got suckered a couple weeks ago. Hassin Bin Sober May 2017 #10
I got the Dropbox one and immediately deleted it to spam kimbutgar May 2017 #13
Not really. The "kill switch" function has already been removed from the variant going around today. PSPS May 2017 #9
Not surprising duncang May 2017 #11
Yep. As I said below. They'll just remove it. n/t CousinIT May 2017 #20
Just posted at Malwaretechblog duncang May 2017 #12
I like heroes. raven mad May 2017 #14
Smart guy! The govt needs to hire him! nt Honeycombe8 May 2017 #15
Kick and Rec Hekate May 2017 #16
Are any of us civilians vulnerable? jeffreyi May 2017 #17
If you haven't messed with the windows update Sgent May 2017 #18
Good news. HOWEVER. There will be other variants. WITHOUT the kill switch. CousinIT May 2017 #19
Here's a patch for older (pre-Windows 7) machines that aren't getting auto updates anymore PSPS May 2017 #21

still_one

(92,061 posts)
3. I don't understand why they would be so specific to inform the perpetrators how they neutralized it
Sat May 13, 2017, 06:24 AM

through a "kill switch". Why couldn't they just say they neutralized it?

OnlinePoker

(5,719 posts)
4. I'm pretty sure the perpetrators would know how it was stopped
Sat May 13, 2017, 07:31 AM

All they have to do is look to see if the domain name is active and know that their code had been broken.

Dustlawyer

(10,494 posts)
6. Our office has been getting a bunch of these phishing emails.
Sat May 13, 2017, 08:24 AM

Now they are saying this ___ person has put something in your DropBox.

Hassin Bin Sober

(26,315 posts)
10. I almost got suckered a couple weeks ago.
Sat May 13, 2017, 09:19 AM

A real estate agent that has done a lot of business in my building was apparently hacked. She sent me an email with a link to sign up for a document downloading service.

Since I knew one of my neighbors was about to list their property I figured she would be needing disclosures from me as I am the board President.

Luckily my partner happened to be right there when I said "hmm, why does this thing want my email password"

kimbutgar

(21,060 posts)
13. I got the Dropbox one and immediately deleted it to spam
Sat May 13, 2017, 10:20 AM

Someone I didn't know wanted me to open a bogus file.

PSPS

(13,580 posts)
9. Not really. The "kill switch" function has already been removed from the variant going around today.
Sat May 13, 2017, 09:18 AM

duncang

(1,907 posts)
11. Not surprising
Sat May 13, 2017, 09:24 AM

They were already worried the copycats would be coming out. Personally I expect even worse ones coming out soon. Less time to respond or mangled code which even if someone pays they don't get back the files.

jeffreyi

(1,938 posts)
17. Are any of us civilians vulnerable?
Sat May 13, 2017, 12:57 PM

I've had my Windows computer off for a few days. It's Windows 10. Safe to use?

Sgent

(5,857 posts)
18. If you haven't messed with the Windows Update
Sat May 13, 2017, 01:06 PM

function (it would have to be intentional), you'll be fine. Microsoft patched this in March. The reason it's going around now is corporations that think they know better than Microsoft.

CousinIT

(9,225 posts)
19. Good news. HOWEVER. There will be other variants. WITHOUT the kill switch.
Sat May 13, 2017, 01:37 PM

No doubt about that. So....keep those systems patched. Keep those network segments segmented. Keep those host-based firewalls updated.

PSPS

(13,580 posts)
21. Here's a patch for older (pre-Windows 7) machines that aren't getting auto updates anymore
Sat May 13, 2017, 04:09 PM
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

There are patches here for:

Windows Server 2003 SP2 x64
Windows Server 2003 SP2 x86
Windows XP SP2 x64
Windows XP SP3 x86
Windows XP Embedded SP3 x86
Windows 8 x86
Windows 8 x64
