Thanks to a lucky find by a UK-based security researcher, yesterday’s massive global ransomware attack is reported to be slowing down today. Dubbed WannaCry or WannaCrypt, the monstrous ransomware hack hit hospitals, schools, government agencies, and other organizations around the globe, Friday, May 12 — locking them out of their own systems and demanding ransom to be paid in Bitcoin.
While now on the decline, WannaCrypt could still pose a potential threat to users who have not updated their systems to patch the vulnerability, which affects older versions of Microsoft Windows.
Europol’s European Cybercrime Centre, EC3, said in a statement today that the attack was “at an unprecedented level and will require a complex international investigation to identify the culprits.” The ransomware appeared to have hit some 100,000 systems, more than half in Russia, according to a tweet yesterday by malware researcher Jakub Kroustek.
Citing the far-reaching potential impact on customers, Microsoft took the unusual step of offering a custom support security update for users with versions of Windows that are no longer supported.
Domain Registration Killed Attack
In a post today, UK-based security researcher MalwareTech described how he checked a cyber threat sharing platform after returning home from lunch to discover that National Health Service systems across Britain were being hit by a cyberattack.
“Although ransomware on a public sector system isn’t even newsworthy, systems being hit simultaneously across the country is (contrary to popular belief, most NHS employees don’t open phishing emails which suggested that something to be this widespread it would have to be propagated using another method),” MalwareTech wrote. “I was quickly able to get a sample of the malware with the help of Kafeine, a good friend and fellow researcher. Upon running the sample in my analysis environment I instantly noticed it queried an unregistered domain, which…