Internet users worldwide are now familiar with the WannaCry or WanaCrypt0r ransomware attack and how cybercriminals used it to infect cyber infrastructure of banking giants, hospitals, tech firms and sensitive installation in more than 90 countries.
The users may also know that a British security researcher MalwareTechBlog accidentally discovered the kill switch of WanaCry by registering a domain (iuqerfsodp9ifjaposdfjhgosurij
The domain registry slowed down the attacks but didn’t stop them entirely
Soon after, a security researcher from France going by the handle of @benkow_ on Twitter discovered a new variant WanaCrypt0r 2.0 and sent it to Matthieu Suiche for an in-depth analysis who is also an IT security researcher.
Upon analyzing, Suiche successfully discovered its kill switch which was another domain (ifferfsodp9ifjaposdfjhgosurij
According to Suiche’s blog post, he then successfully registered the domain to halt the new and growing wave of cyber attacks through WannaCry ransomware.
- “The security community has been active all week-end on this to slow down the progression of the attack as much as possible to avoid further damages in institutions like the NHS. The longer we wait for the faster the malware spreads, this is why I’m glad really I was able to register this second domain so quickly to avoid post-pone chaos like we saw with the NHS,” Suiche told HackRead
Although registering the new kill switch is just a temporary solution; one should expect more new variants of WannaCry ransomware. Therefore, for now, users are on their own and need to implement emergency security measures to make sure they don’t fall victim to these attacks. For this, users need to make sure following things:
- Do not open an unknown email
- Do not download files from an unknown email
- Do not click files from an unknown email
- Avoid visiting malicious sites
- Do not download software and apps from a third-party store/website
- Show hidden file extensions
- Keep your system updates
- Make sure you are using a reputable security suite
- Back up your data
- Use System Restore to get back to a known-clean state
What should Microsoft users do?
Windows is the most affected operating system in this cyber attack since WannaCry exploits a security flaw in SMB within Windows. The users can simply disable SMB to prevent against WannaCry attacks.
Microsoft has also taken the matter seriously and released an update earlier today which detects this threat as Ransom: Win32/WannaCrypt. However, one user on Imgur compiled a “direct download” list of all the patches released by Microsoft.
For more information visit Microsoft’s blog post on the WanaCry attack, apply patch asap and kudos to the security researchers who are spending all their time to protect users against WannaCry attack.