The massive ransomware attack that crippled more than 20% of hospitals in the United Kingdom and disabled systems in as many as 74 countries appears to have been inadvertently stopped by a 22-year-old computer security researcher in England who began studying it Friday afternoon.
The story, which the as-yet-unnamed security whiz wrote up in a blog post on Saturday, is an example of the driven-to-puzzle-things-out mentality typical of people drawn to cybersecurity.
“He was in the right place at the right time, and he did the right thing without any hesitation,” said Dan Kaminsky, a longtime security researcher and chief scientist at White Ops, a New York-based based security firm.
Because nobody’s really in charge of the Internet, it’s messy and wonderful in equal proportion, he said.
“We maintain it with duct tape, baling wire and the good graces of no small number of ‘volunteer firefighters.’ I am hopeful for a future with more formal, funded support for this foundation of our suddenly global information economy. But it’s pretty great that a 22-year-old can see a worldwide problem and spend a bit to help us all,” Kaminsky said.
How it happened
The ransomware appears to have first appeared at 3:24 a.m. ET on Friday, said Craig Williams, a senior technical leader at Talos, the security research arm of San Jose, Calif.-based tech company Cisco.
Within about seven hours it had been stopped in its tracks.
For the analyst, who for security reasons has chosen to only be identified by his online blog name of MalwareTech, things hit after lunch on Friday when he noticed all the fuss about a global ransomware attack and decided to investigate.
His day job is as a security researcher at Los Angeles-based Kryptos Logic, but he was actually supposed to be on vacation this week so he hadn’t been plugged in.
“We’d had quite a bit of work over the last few months and we were both off. I’m actually in Venice right now,” said his boss, Salim Neino, CEO of Kryptos Logic. “We were talking online about how the biggest cyberattack of the year happens and we’re both off.”
Neither MalwareTech nor his boss stayed off, however.
Although only 22, he is known in the close-knit world of cybersecurity as someone who’s good at “taking down big ugly things that are spreading fast,” in the words of Ryan Kalember, vice president for cybersecurity at Proofpoint, a Sunnyvale, Calif.-based security company.
First credit to actually getting a sample of the malicious software code appears to go to Kafeine, a security researcher who doesn’t give press interviews and only goes by his screen name, but who works for Proofpoint.
Malware Tech called him “a good friend and fellow researcher” in his blog post and noted that Kafeine passed him the sample so he could begin to reverse engineer it to see how it did what it was doing.
One of the first things MalwareTech noticed was that as soon as it installed itself on a new machine, the malware tried to send a message to an unregistered Internet address, or domain name.
He promptly registered that domain, so he could see what it was up to. This was at around 3 p.m. in London, 10 a.m. ET.
The registration wasn’t done on a whim, he noted. “My job is to look for ways we can track and potentially stop botnets (and other kinds of malware),” he wrote on his blog.
However, in doing so, MalwareTech had inadvertently stopped the entire global attack in its tracks, though it took him and others awhile longer to realize it.
“Humorously,” he wrote, “at this point we had unknowingly killed the malware.”
The malware contained computer code that pinged an unregistered Web address, and if it didn’t get back a message saying the address didn’t exist, it would turn itself off. Computers that were already infected with the ransomware weren’t protected but the ransomware stopped spreading except in isolated systems, said Williams.
“We think it was a kill switch that the creators built in,” said Kalember. They would have been able to stop the spread of the software simply by registering and setting up the Web address — except MalwareTech got there first.
As a final test, he first ran the malware in a closed environment that was connected to the registered website and got nothing.
Then he ran it again after modifying the host system so that the connection would be unsuccessful, and the ransomware promptly took it over.
“Now you probably can’t picture a grown man jumping around with the excitement of having just been ransomwared, but this was me. The failure of the ransomware to run the first time and then the subsequent success on the second mean that we had in fact prevented the spread of the ransomware and prevented it ransoming any new computer since the registration of the domain,” he wrote.
The website registration that stopped the ransomware that had caused thousands of companies tens of thousands of dollars worth of damage “cost about $10,” said Neino.
Darien Huss, a security researcher at Proofpoint who’d been helping MalwareTech with the analysis, tweeted at 10:29 a.m. ET that the unregistered domain had been registered and the malware had stopped spreading.
“We were then able to get all the information out to the FBI,” said Neino.
Soon thereafter the United Kingdom’s National Cyber Security Centre posted the text of MalwareTech’s blog on its site.
While this particular variant of the malware has been stopped, security experts are quick to point out that all that the criminals behind it would need to do is rewrite the code to either ping a different domain or remove that domain check and send it out.
This makes it all the more important that computers and networks quickly install the Windows patches that fix the problem that allowed the code to so easily spread in the first place. Microsoft issued that patch on March 14 but clearly many systems had not installed the crucial new software.
After a long and fruitful day, MalwareTech suggested that people do just that, then wrote, “Now I should probably sleep.”
Next Up:Apple Will Launch 10.5” iPad Pro and Siri Speaker At WWDC – Worldwide Developers Conference
TStv to Encrypt it’s Channels, roll out 62 Premium Entertainment Channels
TStv has announced that all of it’s Television channels will be encrypted. This means that the channels on TSTV will no longer be Free-to-air (FTA). The service provider also announced that it will include 62 premium Entertainment channels in it’s collection.
TStv channels will be encrypted starting from 11:50 on November 27th. Also, the premium entertainment channels will be included to the service on 28th November. Prior to the update, viewers will have to pick up a TStv Jolly Decoder at a dealer outlet.
Owners of the Sassy Decoder are advised to visit any nearest dealer to get the decoder fully activated.
TStv currently has over 50 plus channels which in addy is the 16 premium entertainment channels coming soon.
TStv Africa is a owned Nigerian innovative Pay TV Operator that offer Pay As You View (PAYV) subscription, pause subscription, complimentary internet service and video call.
TStv sometime went out of the market due to the challenges the company faced even to the “Satellite Providers”. The good news is that they began full operation on 20th August after NigComSat offered them 5 units of 35.5MHz transponders through a collaboration with Intertel, Federal Ministry of Communications and Nigcomsat.
MTN APN Configuration That Works – Mobile and Modem
MTN APN is what is required to enable internet connection on your phone. APN is an acronym for Access Point Name. Access Point Name is typically the name of the gateway connecting your internet enabled device to the web through an internet service provider, such as MTN.
Most often we run into the problem of missing APN configuration and can’t surf the web with our phone or modem. If you have your APN configured before now and you still cannot browse, make the listed below are in order.
- Data subscription balance
- Data monitor app threshold
- Other phones of same network can browse. Your inability to browse could be a general problem from the service provider at the moment.
- Network signal reception
In Nigeria you can fall into the hands of the wrong people, who will charge you high amount of money in the name of configuring your phone for browsing.
To get the configuration pushed automatically to your phone by MTN.
Send as a text message “Settings” to 3888. Without quotes.
If the above method fails to get you APN configuration, you can fall back to configuring it yourself which always works.
For Mobile phones, navigate to “mobile network” in settings through more connections option, and you should see APN configuration option there.
Note: If your device works just fine, you are advised not to go further. But if for a reason you deleted the pre-installed APN configuration and you want to get it back. You’re welcome. The configurations work for 2G, 3G and 4G network type.
MTN APN settings for smartphones (iOS and Android)
Note: For MTN 4G MiFi modems, the above configuration works for such devices.
MTN APN settings for modems (U.S.B stick modems)
Access Point Name is unique to every service provider and can come pre-configured in SIM cards. When you slot in a new SIM card into a phone, it goes through it’s initiation to the service provider’s system. The service provider can then push necessary configurations to the device. Devices with MTN SIM card making an internet connection must be configured with an APN to present to MTN.
MTN will then examine this APN to determine what type of connection should be created, for example: which IP addresses should be assigned to the wireless device, which security methods should be used, etc. All of which is done in a second by a programmed system.
#ReallyFreeData, Airtel is dashing free data weekly on Recharge Plus
Airtel NG is currently giving out free 250mb data to its subscribers so long as you keep recharging your line. The good news is that you get 250Mb every week, once you meet your recharging target. All Airtel users are qualified for this promo and it gets even better because you can use the data to access any website and content.
You can do the recharging through your bank and still get the reward. In total you enjoy 1GB monthly for simply topping up your airtime. You can use the airtime for regular uses, such as making calls and sending text, even subscribing to a regular data plan.
Speaking of the requirements to enjoy this offer, Airtel NG says you have to recharge your line consistently. Consistently in order to meet your weekly target.
How it Works:
- To get started, you have to first recharge your Airtel line.
- Check your weekly target by dialing *479# or check your recharge notifications.
- Recharge to hit your target
- Get rewarded with 250MB free.
- Dial *123# or *140#. to check balance
Hard to say:
The free data bonus is valid till Sunday 23.59pm every week. You don’t get the reward twice a week, so no need beating the target twice. Airtel didn’t say how long the offer lasts, but it looks like one that its not going over yet. You can’t roll over any unused data. That is to say, once it expires, it’s gone, no renewals.
[signoff predefined=”Google News” icon=”info-circled”][/signoff]
- Applications2 years ago
Infinix XOS Chameleon Features
- Tech1 year ago
Read all Tecno Spark K5 Specification and features
- Tech2 years ago
9mobile Social Bundle Subscription Codes.
- Tech2 years ago
Huawei Dtab Compact d-01J DoCoMo On GFXbench
- Gadgets6 months ago
Infinix Zero 6 – Specifications leaked in live image renders