Prevention is Still the Best “Kill Switch” for Malware

A very ingenious solution to a very serious problem:

An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.

The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software.

But it’s important to note that Microsoft had released a patch against this malware back in March. Microsoft, for all the jibes it takes from the digital community, has made updating its software just about as seamless as it can get. And I haven’t run into the dreaded “this software worked until the update and then…” problem in a long time. (I actually run Windows, MacOS and Linux on my various machines.) Either the NHS’ admins didn’t have their machines set to automatically update or they’re still running XP and Vista. As good an operating system as XP is, it’s just too vulnerable to keep online, especially in a network situation.

Lesson: make sure you’ve got your automatic updates working, in addition to the anti-virus software.  Backing up is also important, but with ransomware the hostage files can get into your backup system before you can stop it.

One more thing: the Guardian told us that the UK-based researcher “spent a few dollars” registering the domain name. Have some pride in your currency; “dropped a few quid” would have been better. (Unless, of course, he was a Remain supporter and used Euros, or a Bitcoin fan…)
