Accidental hero' finds kill switch to prevent the spread of WannaCry ransomware

A cybersecurity researcher appears to have discovered a “kill switch” that can prevent the spread of the WannaCry ransomware — for now — that has caused the cyberattacks wreaking havoc globally.

The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. “Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading,” @MalwareTechBlog told AFP in a private message on Twitter.

“I saw it (domain) wasn’t registered and thought, ‘I think I’ll have that’,” he was quoted as saying by the Guardian. The purchase cost him $10.69. Immediately, the domain name was registering thousands of connections every second. The researcher warned, however, that people “need to update their systems ASAP” to avoid attack. “The crisis isn’t over, they can always change the code and try again,” @MalwareTechBlog said.

How WannaCry works

• The infections seem to be deployed via a worm — a programme that spreads by itself between computers.
• Most other malicious programmes rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code. By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too.
• Some experts say the attack may have been built to exploit a weakness in Microsoft systems that had been identified by the NSA and given the name EternalBlue.