Today, May 14th, the “Tops News Headlines” section of the CBC website has the following headline on top: “More people could be hit by global ‘ransomware’ cyberattack Monday, police agency warns”.
Do the CBC reporters not read news from other sources? Consider the following news item which was on the BBC website yesterday.
Yes, this particular cyberattack is over. For some background here are some relevant tweets, in chronological order, from the twitter feed @MalwareTechBlog. This Twitter handle is registered to the guy who accidentally stopped this cyberattack.
From what I can gather the NHS ransomware is WannaCrypt (wcry) spreading using P2P exploitation of SMB with leaked NSA exploit.
Some analysts are suggesting by sinkholing the domain we stopped the infection? Can anyone confirm?
#WannaCry propagation payload contains previously unregistered domain, execution fails now that domain has been sinkholed
I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.
So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.
My bad – finished analyzing all
#Wannacry worm mods we have and they all have the kill switch inside. No version without a kill-switch yet.
Yes CBC, you read that right. This “particular strain” of cyberattack is over because the virus will go check for the domain name and execution will fail. A new cyberattack will require a different virus code which doesn’t rely on checking for the status of this domain name. You should have known this two days ago.
It is strange that after every Ottawa Senators playoff game this season, CBC has been able to find “8 tweets that defined Game….“, but the reporters cannot find tweets relevant to other news.