'Wannacry' ransomware evolves to combat kill-switch

Since news of the ransomware outbreak first started emerging earlier this week, the number of computers affected by 'Wannacry' has increased from 57,000 to just over 200,000 worldwide. It's likely that things will get worse before they get better. Despite security researchers working around the clock to find solutions to the problem, the number of infections is expected to grow even larger with the start of the new week, as many business that were unaffected at the start of the attack on Friday return to work at their possibly unpatched systems.

In the meantime, Microsoft has not only encouraged users to download the fix they released for the vulnerability back in March but has also created a patch for unsupported OSes like Windows XP, Windows 8, and Windows Server 2003.

While those unaffected by the attack should be okay as long as they obtain the relevant patch, for those already affected or those unable to obtain the fix, researchers had recently found a temporary solution preventing the further spread of infections, which the malware has now evolved around. Soon after the attack occurred, a researcher registered a domain which the malware seems to ping before infection. Once it did, this would act as a sort of kill-switch, instructing the malware to not proceed with the encryption of files, rendering it inert.

As was expected, however, the individuals behind 'Wannacry' have now made modifications to the malware in order to circumvent this solution, with many samples of the malware being discovered that either have no such kill-switch, or which ping to a different domain than the one discovered by the researcher.

Given the ramp up in severity of this situation, we strongly recommend users update their antivirus and anti-malware software to the latest definitions, and obtain the relevant fixes from Microsoft as quickly as possible, in order to prevent an infection on their own machine.

Via: Engadget

Report a problem with article
1494624122__96034173_cryptor3
Next Article

Microsoft says stockpiling of hacking tools by governments partly to blame for recent attack

treadwell1
Previous Article

Microsoft announces results of its Windows Developer Awards

11 Comments - Add comment

Advertisement