The vicious cyberattack swept across the globe Saturday, hitting computers in nearly 100 countries, with Russia and the UK among the most affected. It locked up critical systems of several high-profile organizations, such as Britain's National Health Service (NHS), Russian telecom company Megafon, Spain's largest telephone company, and international shipper FedEx. It also attacked other systems, among them the Russian Interior Ministry, where it was contained.
The number of new infections substantially dropped on Saturday after a security researcher, tweeting as @MalwareTechBlog, registered a domain name connected to the malware, thus discovering a secret "kill switch" that can prevent the malware from spreading.
My blog post is done! Now you can read the full story of yesterday's events here: https://t.co/BLFORfM2ud
— MalwareTech (@MalwareTechBlog) May 13, 2017
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
— MalwareTech (@MalwareTechBlog) May 13, 2017
"We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain," said Vikram Thakur, principal research manager at Symantec, as cited by Deutsche Welle.
Unfortunately, the solution won't help fix systems already infected by the malware.
@MalwareTechBlog has also warned in a tweet that even though the breakthrough halted the unfolding epidemic, more attacks may soon follow. The researcher explained that the attackers may still rewrite the code and relaunch the cycle and urged everyone to promptly patch their systems.
WannaCry's mechanism of operation is believed to have originally been exposed in US National Security Agency (NSA) documents dumped in April by a hacking group calling itself Shadow Brokers.
It is unclear from which country the ransomware attack was run and whether it was launched by a group of hackers or an individual.
Microsoft said it released Windows updates to defend against WannaCry in March, but many users and organizations hadn't updated their systems accordingly.