
WannaCry Ransomware Variant with No Kill Switch Discovered


CrAKeN


 

WannaCry ransomware gets variants with no kill switch

 

As expected, the WannaCry ransomware is not even close to being done, despite one researcher discovering a convenient kill switch. Other variants have already been discovered in the wild, some with a different kill switch, some with none at all. 

 

After a security researcher going by the Twitter handle MalwareTech discovered that by purchasing a random domain name the initial spread of the WannaCry ransomware was stopped, it was expected that the attackers would simply remove this domain from the code, add another or just leave the code free of such an easy way out.

 

Multiple researchers have confirmed that such variants are available online and coming after Internet users everywhere.

 

Quote

A patched (non recompiled) variant with *NO* kill-switch is out there too. Patched jump and zeroed the URL. See screenshots below. #WannaCry pic.twitter.com/RliIRigXwH — Matthieu Suiche (@msuiche) May 14, 2017

 

“New variants today are now spreading with a modified kill-switch domain. Someone, likely different to the original attackers, made a very small change to the malware so it connects to a slightly different domain. That allowed it to continue propagating again,” Chris Doman, security researcher at AlienVault, told us. “Thankfully some researchers are already registering the new domains as they identify them. The cat-and-mouse will likely continue until someone makes a larger change to the malware, removing the kill-switch functionality completely. At that point, it will be harder to stop new variants.”

 

What is WannaCry? 

 

WannaCry is a ransomware that is a lot stronger than other similar malware due to the worm component that helps it spread through networks. This is the main reason why computers in the NHS network went down one after another, or why Renault had to stop production at multiple sites. Once one computer in a network is infected, it's only a matter of time before the rest are too. Other companies have also suffered, including FedEx and Telefonica, as well as Germany's railway system.

 

At this point in time, over 200,000 computers have been affected in over 150 countries, despite the kill switch.

 

The only solution to block this attack is to update your operating system or to make sure you have an anti-malware solution installed to protect you from the malware. Even though this is a nasty ransomware, it's still detectable and, therefore, easy to block.

 

Microsoft released a patch to fix the vulnerability back in April. This vulnerability was actually exposed by a hacker group called Shadow Brokers who dumped online a series of documents belonging to the NSA which detailed a zero-day exploit. Security researchers warned at the time that it wouldn't be too long before an attack was deployed.

 

Following the launch of the WannaCry attack, Microsoft went ahead and released a patch for Windows XP and Server 2003, even though both were no longer supported.

 

Source

straycat19

If the person who discovered the kill switch had SILENTLY bought the domain and didn't advertise that fact then the original kill switch would have been working and no one would have been the smarter.  Problem with idiots is their egos are bigger than their brains.



No reason to cry over spilt milk.  It said over two hundred thousand computers in over one hundred and fifty countries and the infections could grow; let's hope they don't.



ransomware  with working exploit = deadly combination



The cry over spilt milk was directed towards straycatnineteen not toward the article or toward wannacry.



Where there is beauty, there is ugliness.
When something is right,
Something else is wrong.
Knowledge and ignorance
Depend on each other.

It has been like this since the beginning.
How could it be otherwise now?
[...]

~Ryokan

 

Enjoy being a human!   :flowers:



17 hours ago, straycat19 said:

If the person who discovered the kill switch had SILENTLY bought the domain and didn't advertise that fact then the original kill switch would have been working and no one would have been the smarter.  Problem with idiots is their egos are bigger than their brains.

 

+1. It should have been a sinkhole.



On 15/05/2017 at 5:52 AM, straycat19 said:

If the person who discovered the kill switch had SILENTLY bought the domain and didn't advertise that fact then the original kill switch would have been working and no one would have been the smarter.  Problem with idiots is their egos are bigger than their brains.

and what about YOUR ego writing such idiocies?

I think only an idiot can think that hackers would not notice that, even if the person had been silently



Archived

This topic is now archived and is closed to further replies.
