The first worrying thing about Wcry worm is when it attacked health care
facilities in the U.K. They had to wave off patients and direct them to
another hospital. Then an ISP in Spain was attacked too. It encrypts and
locks your data and demands payment before it decrypts it.
Wcry attacks a vulnerability in Windows known to the NSA who
deliberately kept it a secret. Wcry was stopped dead by a happy
accident. A malware researcher who was analysing the attack found a
subroutine that HTTP's to an unregistered domain. He registered that
domain to a prepared sinkhole. So the researcher already has prepared
infrastructure to trap malware like this. The subroutine exits once it
gets a registered domain, basically a killswitch.
facilities in the U.K. They had to wave off patients and direct them to
another hospital. Then an ISP in Spain was attacked too. It encrypts and
locks your data and demands payment before it decrypts it.
Wcry attacks a vulnerability in Windows known to the NSA who
deliberately kept it a secret. Wcry was stopped dead by a happy
accident. A malware researcher who was analysing the attack found a
subroutine that HTTP's to an unregistered domain. He registered that
domain to a prepared sinkhole. So the researcher already has prepared
infrastructure to trap malware like this. The subroutine exits once it
gets a registered domain, basically a killswitch.
Comments