Foreign media: virus WannaCry "Ming" has found, spread has been slow


according to foreign media reports, "accidental hero" has already blocked WannaCry blackmail the global spread of the software, software communication solution is spending more than a dozen dollars registered the website domain name hidden in the software.

blackmail software for fedex, Spain's telefonica and Britain's national health service (NHS) organizations like cause serious damage, including but not limited to business was cancelled, x-rays, test results and patient records and telephone can't use.

foreign media: virus WannaCry

and then, the network security researcher @ malwaretechblog on twitter, said Proofpoint in network security company staff Darien Huss, with the help of discovery and and activate the "off switch" in the malicious software.

this switch is virus authors hardcoded into the malware, for close to stop at any time.The whole communication process involves a ridiculous domain, malicious software from the request as it is looking for any website, if the request come back, and shows that the domain name is registered, close the switch will take effect, malicious software to stop transmission.foreign media: virus WannaCry

malwaretechblog: "I saw it was not registered (domain name), I was just think 'I will put it registered".It was reported that cost $10.69, there are thousands of connections per second shortly after registration.

foreign media: virus WannaCry

the Proofpoint Ryan Kalember said: "we have a day of accidental hero award. We are not aware that this can will slow the spread of extortion software."

malwaretechblog said domain name registration time too late, can't help many affected groups in Europe and Asia.Kalember said, but it gave us one more time, in order to repair them before infected systems to enhance the immune power of the attack.

close the switch will not help those computer has been infected by a blackmail software, and there may be a variation to continue in the spread of the virus.

malware on April 14, a Shadow through Brokers (Shadow Brokers) of the organization's online provide dump, the group claimed last year from the national security agency (NSA) stole a lot of "cyber weapons".

blackmail software is a kind of encryption of user data malicious software, you then need to pay the ransom to unlock user data.This attack is by a group called "WanaCryptor 2.0" or WannaCry loopholes.The hole using a loophole in the Windows.Microsoft released a patch in March, but not yet installed security update computer is still vulnerable to attacks.

blackmail software requires users to pay $300 COINS can restore their files, and warning for a period of time after the payment amount will be higher.This period of "ransom" message is simultaneous translation into 28 in the language.

Ryan from network security company Proofpoint Kalember said: "this is predictable. In many ways the Shadow broker (Shadow Brokers) and all the people () in the security industry know that a lot of people can't install patches, especially if they use like Windows XP operating system (many NHS computer still use), no patches. Then they spread through the hole to virus".

kaspersky lab security researchers currently have records from 74 countries (including Britain, Russia, Ukraine, India, China, Italy, and Egypt) more than 45000 times.In Spain, leading companies, including the telecommunications company Telefonica, infected.

according to security researchers Malware Hunter Team, on Friday night, blackmail software has been extended to the United States and South America, but Europe and Russia, the damage is more serious.Russia's interior ministry said about 1000 PCS.

The related content recommendation