Wcry Ransomware Spread Across the Internet

The first worrying sign of the Wcry worm came when it attacked health care facilities in the U.K. They had to turn patients away and direct them to another hospital. Then an ISP in Spain was attacked too. Wcry encrypts and locks your data and demands payment before it decrypts it.

Wcry exploits a vulnerability in Windows that was known to the NSA, which deliberately kept it a secret. Wcry was stopped dead by a happy accident. A malware researcher who was analysing the attack found a subroutine that makes an HTTP request to an unregistered domain. He registered that domain and pointed it at a sinkhole; he already had infrastructure prepared to trap malware like this. The subroutine exits once it finds the domain registered, so the domain is basically a killswitch.
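
Because the killswitch check is a network lookup, it also leaves a trace defenders can search for. The following is an added example, not code from the original post: it triages DNS resolver log lines to separate hosts whose lookup failed (the check could not pass) from hosts that only ever reached the sinkhole. The domain is a placeholder because the post does not name the real one, and the log format and sample lines are constructed.

```python
import re
from collections import defaultdict

# Placeholder: the post does not give the real killswitch domain.
KILLSWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample lines in an assumed resolver log format:
# "<ISO time> <client ip> <query name> <rcode> <answer or ->"
SAMPLE_DNS_LOG = """\
2017-05-12T08:01:10Z 10.0.4.17 killswitch-placeholder.example NXDOMAIN -
2017-05-12T08:01:12Z 10.0.4.22 www.example.org NOERROR 192.0.2.80
2017-05-12T15:40:03Z 10.0.7.5 killswitch-placeholder.example NOERROR 192.0.2.10
2017-05-12T15:41:30Z 10.0.4.17 KILLSWITCH-PLACEHOLDER.example. NOERROR 192.0.2.10
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+([A-Z]+)\s+(\S+)$"
)


def triage(log_text, domain=KILLSWITCH_DOMAIN):
    """Map each client that queried the killswitch domain to a triage state.

    'unresolved': at least one lookup failed, so the check could not pass
                  at that moment; treat the host as highest priority.
    'sinkholed':  every lookup resolved; the host ran the check (so it is
                  infected) but should have reached the sinkhole.
    DNS resolution is used as a stand-in for the HTTP check (assumption).
    """
    domain = domain.lower().rstrip(".")
    rcodes_by_client = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, qname, rcode, _answer = m.groups()
        if qname.lower().rstrip(".") == domain:
            rcodes_by_client[client].add(rcode)
    return {
        client: "unresolved" if rcodes - {"NOERROR"} else "sinkholed"
        for client, rcodes in rcodes_by_client.items()
    }


if __name__ == "__main__":
    for client, state in sorted(triage(SAMPLE_DNS_LOG).items()):
        print(client, state)
```

Either state means the host executed the check and needs cleanup; the split only orders the response.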
