It has finally happened, the WannaCry ransomware that has been wreaking havoc and holding Microsoft Windows based systems to ransom by encrypting their files has stopped spreading. What is more interesting is that to stop it spreading only required the registration of a specific domain name.
Despite being stopped, the 22-year cyber security researcher from the UK who stopped the ransomware's spread has said that it is possible that those who initiated the attack on Friday 12 May 2017 could go on to alter the code and restart the attack all over again.
“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit,” the cyber security researcher who prefers to remain anonymous is reported to have said. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
He said that he observed that the ransomware's code was always checking if a specific domain name was registered and if it was registered the code would deactivate the spread of WannaCry.
As he has highlighted, given that the code that is responsible for the ransomware is available freely on the Internet, it could just be just a matter of time before someone else modifies the code and restarts a similar attack.
In the mean time here are some tips on how you can protect yourself from the next possible and similar ransomware attack.