The majority of the attacks targeted Russia, Ukraine and Taiwan. But the National Health Service in the United Kingdom and global firms such as Fedex also reported they had come under assault Friday. Experts suggested Saturday that the ransomware's progress had been halted, but new attacks could soon follow.
Cybersecurity experts have been working round the clock to try to halt a malware attack that is unprecedented in scale.
The ransomware's progress has been halted by the accidental discovery late Friday of a "kill switch" hidden within the code by a security researcher, said cybersecurity consultant David Kennedy, formerly of the US National Security Agency.
"The software has actually stopped spreading across the world," he told CNN.
"He actually probably saved lives by accident," Kennedy said, referring to the security researcher who discovered the kill switch.
The ransomware was designed to repeatedly contact an unregistered domain listed in its code. The security researcher -- who uses the Twitter handle @MalwareTechBlog -- registered that domain to collect the ransomware traffic for analysis and to track infections.
"Later we found out that the domain was supposed to be unregistered and the malware was counting on this, thus by registering it we inadvertently stopped any subsequent infections," @MalwareTechBlog told CNNTech. The security researcher has posted an online account of finding the kill switch.
However, a hacker could change the code to create a new variant and try the ransomware attack again.
Michael Gazeley, managing director of cybersecurity firm Network Box, told CNN that the danger is far from over and that a company's security patch on Saturday might not still work by Monday.
"A lot of people are going to go to work on Monday and click on a link in their mail -- completely oblivious that all of this is going on or have heard about it and think that it's over -- and suddenly wipe out their whole company," Gazeley said from Hong Kong.
continue reading
Cybersecurity experts have been working round the clock to try to halt a malware attack that is unprecedented in scale.
The ransomware's progress has been halted by the accidental discovery late Friday of a "kill switch" hidden within the code by a security researcher, said cybersecurity consultant David Kennedy, formerly of the US National Security Agency.
"The software has actually stopped spreading across the world," he told CNN.
"He actually probably saved lives by accident," Kennedy said, referring to the security researcher who discovered the kill switch.
The ransomware was designed to repeatedly contact an unregistered domain listed in its code. The security researcher -- who uses the Twitter handle @MalwareTechBlog -- registered that domain to collect the ransomware traffic for analysis and to track infections.
"Later we found out that the domain was supposed to be unregistered and the malware was counting on this, thus by registering it we inadvertently stopped any subsequent infections," @MalwareTechBlog told CNNTech. The security researcher has posted an online account of finding the kill switch.
However, a hacker could change the code to create a new variant and try the ransomware attack again.
Michael Gazeley, managing director of cybersecurity firm Network Box, told CNN that the danger is far from over and that a company's security patch on Saturday might not still work by Monday.
"A lot of people are going to go to work on Monday and click on a link in their mail -- completely oblivious that all of this is going on or have heard about it and think that it's over -- and suddenly wipe out their whole company," Gazeley said from Hong Kong.
continue reading
