Ransomware has become a problem for most computer users as it spreads rapidly across the globe. From small computers to big organizations, ransomware has attacked everyone at some point. However, a security researcher known in the blogging world as MalwareTech recently told the BBC how he ‘accidentally’ stopped the virus.
Main Cause: Unregistered Web Address
The blogger said that he had been analyzing the code behind the malware when he found that the virus was communicating with the web address iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, even though no one had registered it. This was the key point: every time the virus tried to connect to this web address, the connection failed, and the virus went on to do its damage.
To get hold of the data sent to the web address and analyze the spread of the virus, MalwareTech decided to register the web address under his name, spending a meager $10.69 (£8).
The accidental part was that as soon as he registered the web address, the malware stopped spreading. Talking to the BBC, he said:
“It was actually partly accidental; I have not slept a wink”
It has been concluded that the virus was built with a kill switch that makes the binary exit if the connection to the web address succeeds. Once MalwareTech registered the address, the virus could connect to it and hence stopped spreading further.
However, MalwareTech does not see it the same way. He said that this might not be a kill switch; rather, it might be a way of detecting whether the virus is running on a virtual machine. He further explained that although on a real computer the web address would not respond, a virtual machine might treat it as a genuine website by artificially responding to the request. He added:
“The malware exits to prevent further analysis. My registration… caused all infections globally to believe they were inside a [virtual machine] and exit… thus we initially unintentionally prevented the spread and further ransoming of computers”
MalwareTech is being called an ‘accidental hero’ for his work, as he has stopped the spread of the ransomware for now.
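The lookup described above also leaves a trace defenders can use: any machine whose DNS queries include this web address is worth checking for infection. The following is an added example, not code from the article or from MalwareTech; it lists the hosts that queried the address in a resolver log, and the "time client name type" log layout and the sample lines are constructed assumptions.

```python
# Domain taken from the article text above.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample resolver log; the four-column layout is an assumption.
SAMPLE_LOG = """\
2024-01-01T14:01:07Z 10.0.4.17 www.example.org. A
2024-01-01T14:01:09Z 10.0.4.23 IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.com. A
2024-01-01T14:03:44Z 10.0.4.23 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com A
2024-01-01T14:05:10Z 10.0.7.2 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.lookalike.example. A
malformed line without enough fields
2024-01-01T14:09:31Z 10.0.9.80 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. AAAA
"""


def normalise(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def is_kill_switch(qname):
    """True for the domain itself or a subdomain of it, not for look-alikes."""
    name = normalise(qname)
    return name == KILL_SWITCH or name.endswith("." + KILL_SWITCH)


def hosts_querying_kill_switch(log_text):
    """Map client IP -> lookup count plus first and last timestamp seen."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:          # skip blank or malformed lines
            continue
        ts, client, qname, _qtype = parts
        if not is_kill_switch(qname):
            continue
        rec = hits.setdefault(client, {"count": 0, "first": ts, "last": ts})
        rec["count"] += 1
        rec["first"] = min(rec["first"], ts)   # ISO-8601 strings sort by time
        rec["last"] = max(rec["last"], ts)
    return hits


if __name__ == "__main__":
    for client, rec in sorted(hosts_querying_kill_switch(SAMPLE_LOG).items()):
        print(client, rec["count"], rec["first"], rec["last"])
```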
Ransomware Will Come Back
Even though the spread of this virus has stopped for now, the same cannot be said for the future. The files already held by the ransomware will remain in its custody.
According to security experts, a ransomware without this ‘kill switch’ is expected to arrive soon. Security researcher Troy Hunt commented:
“This variant shouldn’t be spreading any further, however there’ll almost certainly be copycats”
While talking about the threat of the ransomware, MalwareTech said:
“We have stopped this one, but there will be another one coming and it will not be stoppable by us. There’s a lot of money in this, there is no reason for them to stop. It’s not much effort for them to change the code and start over”