If you are following the news, by now you might be aware that a security researcher has activated a "Kill Switch" which apparently stopped the WannaCry ransomware from spreading further.
But that is not true, and the threat is not over yet.
The kill switch has only slowed down the infection rate.
Moreover, multiple security researchers have claimed that more samples of WannaCry are in the wild without the 'kill-switch' domain connect function, referred to as WannaCry 2.0, and are still infecting unpatched computers worldwide.
So far, over 213,000 computers across 99 countries around the world have been infected, and the number of infections is still rising even hours after the kill switch was triggered by the 22-year-old British security researcher behind the Twitter handle 'MalwareTech.'
For those unaware, WannaCry is an insanely fast-spreading ransomware that leverages a Windows SMB exploit to remotely target computers running unpatched or unsupported versions of Windows.
Once it has infected a machine, WannaCry also scans for other vulnerable computers connected to the same network, as well as random hosts on the wider Internet, to spread quickly.
The SMB exploit currently being used by WannaCry has been identified as EternalBlue, a collection of hacking tools allegedly created by the NSA and subsequently dumped by a hacking group calling itself "The Shadow Brokers" over a month ago.
"If NSA had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened," NSA whistleblower Edward Snowden says.
Kill-Switch for WannaCry? No, It's not over yet!
In our previous two articles, we have put together more information about this massive ransomware campaign, explaining how MalwareTech accidentally halted the global spread of WannaCry by registering a domain name hidden in the malware.
hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
The above-mentioned domain is responsible for keeping WannaCry propagating and spreading like a worm: as previously explained, if the connection to this domain fails, the SMB worm proceeds to infect the system.
Fortunately, MalwareTech registered the domain in question and created a sinkhole, a tactic researchers use to redirect traffic from the infected machines to a self-controlled system.
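As an added example (not part of the original article), the sketch below shows how a defender could use the kill-switch behaviour described above to triage DNS logs: any client that looks up the domain is a suspected infection, and a client whose lookups never succeed is one where the check fails and the worm proceeds. The log layout, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Kill-switch domain exactly as printed (defanged) in the article.
DEFANGED_IOC = "hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com"


def refang_host(ioc: str) -> str:
    """Turn a defanged URL or hostname into a bare lowercase hostname."""
    host = ioc.replace("[.]", ".").strip().lower()
    host = re.sub(r"^(hxxps?|https?)://", "", host)
    return host.split("/")[0].rstrip(".")


def triage(log_lines, ioc=DEFANGED_IOC):
    """Map client IP -> 'kill_switch_reachable' or 'kill_switch_failed'.

    Assumed (hypothetical) log layout: '<timestamp> <client_ip> <qname> <rcode>'.
    Any client that looks the name up is a suspected infection. DNS success is
    used here as a stand-in for the malware's connection check: if no lookup
    returned NOERROR, the check fails and, per the article, the SMB worm
    proceeds on that host.
    """
    target = refang_host(ioc)
    rcodes = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or truncated lines
        _, client, qname, rcode = parts
        if refang_host(qname) == target:
            rcodes[client].add(rcode.upper())
    return {
        client: "kill_switch_reachable" if "NOERROR" in seen else "kill_switch_failed"
        for client, seen in rcodes.items()
    }


# Constructed sample log lines, not real telemetry.
SAMPLE_LOG = [
    "2017-05-13T09:14:02Z 10.0.4.17 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. NOERROR",
    "2017-05-13T09:14:05Z 10.0.4.23 WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM NXDOMAIN",
    "2017-05-13T09:14:09Z 10.0.4.31 www.example.com NOERROR",
    "2017-05-13T09:15:40Z 10.0.4.23 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com REFUSED",
    "truncated line",
]

if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(client, status)
```

Both result classes point at hosts that need isolation and patching; the 'kill_switch_failed' group additionally shows where a resolver or filter is preventing the domain from resolving.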