As the WannaCry attack progresses, hackers from around the world are trying to stop it. Hackers in China have even tried to gain control of the kill switch in an attempt to cut off the attack.
A British cyber security analyst discovered a website domain name in the code of the worm that was used to infect computers. The 22-year-old analyst found this domain name while inspecting the worm, and registering it activated the kill switch in the code. It was also discovered that the malware tried to reach this website every time it infected a device. If the search for the website failed, the attack was carried out. However, if the domain was found, the malware would simply shut down and leave the computer alone.
Despite the fact that this has probably prevented thousands of other attacks, experts are warning that this code could easily be rewritten by the attacker or attackers.
If Microsoft’s new security patch isn’t installed, an entirely new wave of problems is expected when people go to work. One of the security analysts, who has not been identified and prefers to use the name ‘MalwareTech’, has stated that someone tried to take control of the site. He was even able to specify that the attempt to take over the website came from China.
Kaspersky Lab’s director of global research and analysis, Costin Raiu, has stated that hackers are often known to take control of websites by pretending to be the owner. They would then get the domain transferred to some other registrar. This transfer attempt failed, but had it succeeded, it’s suggested that only two things would have been possible. One would be counting the number of the ransomware’s victims, and the other would be disabling the kill switch.
The security analyst has stated that the original hackers are unlikely to have done this, and that it would be far simpler for them to change the program a bit. Mr. Raiu has stated that “They can very easily create another variant of this worm which doesn’t have this kill switch or checks for a different domain and they will achieve the same effect [as seizing control of the original domain].”
He then suggested that another hacker, one with no connection to the attack, might have tried to take control. He believes that the hacker might have done so in an attempt to stop the attack, and thereby pull off something that would carry a certain degree of internet fame with it. He also thinks that the best way to discover the true attacker would be to follow the ransom payments and try to figure out where the Bitcoins go.
Mr. Raiu admits that following the Bitcoins is so difficult that it could easily be considered an art. Still, he believes that following the money is the best way to go.