THE ACCIDENTAL HERO IN THE RANSOMWARE ATTACK: MALWARETECH.. 22 years old and saves the world.....
....this time.
He has a warning: It will happen again..
This from the UK GUARDIAN:
One very interesting piece of information regarding WANNACRY: THE NEW YORK TIMES reports:
He has a warning: It will happen again..
This from the UK GUARDIAN:
The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who lives with his parents and works for Kryptos logic, an LA-based threat intelligence company.
“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.
One very interesting piece of information regarding WANNACRY: THE NEW YORK TIMES reports:
The connection to the N.S.A. was particularly chilling. Starting last summer, a group calling itself the “Shadow Brokers” began to post software tools that came from the United States government’s stockpile of hacking weapons.
The attacks on Friday appeared to be the first time a cyberweapon developed by the N.S.A., funded by American taxpayers and stolen by an adversary had been unleashed by cybercriminals against patients, hospitals, businesses, governments and ordinary citizens.
Something similar occurred with remnants of the “Stuxnet” worm that the United States and Israel used against Iran’s nuclear program nearly seven years ago. Elements of those tools frequently appear in other, less ambitious attacks.
The United States has never confirmed that the tools posted by the Shadow Brokers belonged to the N.S.A. or other intelligence agencies, but former intelligence officials have said that the tools appeared to come from the N.S.A.’s “Tailored Access Operations” unit, which infiltrates foreign computer networks. (The unit has since been renamed.)
0 comments: