The “accidental heroes” that left the worldwide spread of unprecedented ransomware attack by registering a hidden domain name scrambled into the malware were warned that the attack could be restarted.
Ransomware used in Friday’s attack has wreaked havoc on organizations, including FedEx and Telefonica, and the National Health Service (NHS) in the UK, where operations, x-rays, test results, and Patients were no longer available and the phones did not work.
But the spread of the attack came to a sudden halt when a British cyber security researcher tweeted as @malwaretechblog with the help of security firm Darien Huss Proofpoint, and inadvertently found a “switch break” in malicious software. The researcher, who identified himself as MalwareTech, is a 22-year-old man from South West England who works for Logic Kryptos, a threat-based information society in Los Angeles.
“I had lunch with a friend and I went back to 15 hours and witnessed an influx of articles about the NHS and several British organizations being affected,” he told The Guardian. “I took a look at it and found a sample of malware behind it and saw that it was related to a specific area that was not registered, so ‘collected without knowing what I had done at the time.”
Breaker destruction is coded into malware if the creator wanted to prevent it from spreading. It was a long nonsense domain name to which the malware was made a request – as if a web site were needed – and if the request comes back and shows that the area is alive, the stop switch goes into effect and the Malware continues to spread. The field costs $ 10.69 and immediately recorded thousands of connections per second.