Ransomware WannaCry Spreads in 150 Countries but is Thwarted by a Domain Registration

Last week saw the biggest ransomware attack in a long while — it spread in about 150 countries and hit major organizations such as the UK National Health Service, Telefonica, Deutsche Bahn and FedEx.

It appears that the malware is based on code developed by the US National Security Agency that was leaked. The malware attacks Windows machines that have not installed a security patch from March. It encrypts files on the computers it infects and demands money for the decryption key.

What is curious about this massive attack is that it was halted on Friday, at least temporarily, by simply registering a domain name. A young researcher discovered that the malware code contained a 41-character unregistered .com domain name and paid $10 to register it. The malware stopped working. Malware frequently points to unregistered domain names that it changes over time.

It was supposed that this was a fail-safe or kill-switch but later it turned out that the domain name was inserted in the code to actually stop someone from running the code in protected sandbox environments.

Many warn that new versions of the malware without the domain lookup are already spreading so better stay on the alert.

To learn more about cyberattacks, visit <2016 Marks a Massive Increase in the Number of Breached Data Records> and <Over 400,000 Phishing Websites Detected Each Month in 2016>. To understand ransomware, go to <Everything you Need to Know about Ransomware>.

Need some help?