Proofpoint Researchers Significantly Reduce Impact of #WannaCry
The recent WannaCry ransomware attack, which has hit 99+ countries, would have been much larger had it not been for the early actions of a UK cybersecurity researcher who blogs for Malwaretech and two Proofpoint researchers. In this attack, a powerful Microsoft exploit was turned into a very nasty worm. As part of their initial effort, during the early stages of the attack, the researchers found a domain name hardcoded in the malware and sinkholed it for $10.69.
By sinkholing the domain, they stopped the worm from spreading even more widely. While the identification occurred after the initial wave hit Europe and Asia, it significantly slowed the spread of this aggressive ransomware worm worldwide. The malware author(s) appear to have originally inserted the domain as a kill switch so that they could turn off the ransomware's spread if they chose to do so, but failed to register the domain.