
'Accidental hero' slowed the global ransomware attack – but it might not be over

The malware locks up your computer and threatens to wipe your files, unless you pay $300 in bitcoin.

The ransomware attack that locked up thousands of computers across dozens of countries slowed down over the weekend, thanks to a young man dubbed the "accidental hero."

But that same person is one of the many voices warning that the malware could be back in full force, as soon as Monday.

The WanaCrypt0r attack that quickly spread last Friday hasn't completely stopped. The Avast security blog said as of about 8 a.m. CST, it had seen more than 199,000 detections of the malware across 104 countries. The U.S. Department of Homeland Security is even keeping an eye on it.

The ransomware affects Microsoft Windows machines. It takes over the computer, locking all your important files and demanding a payment of $300 in bitcoin. The longer you wait, the higher that amount goes. And if you don't pay, it wipes your computer. (If you want an in-depth explanation of exactly how it takes over, check out this story by BleepingComputer.)

This Twitter account appears to be tracking how much money has been paid to the bitcoin accounts the attackers are using. On Monday morning, it was above $53,000.

The first slowdown

The malware hit hospitals, train stations, phone companies, FedEx, and plenty of others during its initial wave.

But it was slowed down considerably when a malware researcher who goes by MalwareTech inadvertently got in its way. MalwareTech explains it here on his blog, or you can read The Guardian's write-up.

For some reason, the malware includes a kill switch – it checks in with a specific nonsense URL, iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. If that URL has been registered, the malware stops itself. If it has not been registered yet, it keeps spreading.

After poking around, MalwareTech (a 22-year-old from the UK) saw the malware was referencing that nonsense URL and paid a small amount of money to register it – not realizing how big an impact it would have. Once the malware saw the URL was registered, it would not ransom the system.

That earned MalwareTech the moniker of "accidental hero."
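The kill-switch check also gives defenders something to look for: any machine on a network that looks up that domain is worth investigating. The sketch below is an added example, not code from MalwareTech or any source cited here; the log layout and the sample lines are constructed, and it assumes a failed lookup means the machine never saw the domain as registered, which makes that machine the more urgent one to isolate.

```python
from collections import defaultdict

# Kill-switch domain exactly as quoted in the article.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample log. The "time client qtype qname rcode" layout is an
# assumption for this example, not the format of any particular DNS server.
SAMPLE_LOG = """\
2017-05-15T08:01:12Z 10.0.0.21 A www.example.com NOERROR
2017-05-15T08:01:40Z 10.0.0.21 A iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
2017-05-15T08:02:03Z 10.0.0.37 A WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. NXDOMAIN
2017-05-15T08:02:09Z 10.0.0.37 A www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NXDOMAIN
2017-05-15T08:03:00Z 10.0.0.44 A notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
malformed line
"""


def is_kill_switch(qname):
    """Match the domain or any subdomain, ignoring case and a trailing dot."""
    name = qname.lower().rstrip(".")
    return name == KILL_SWITCH or name.endswith("." + KILL_SWITCH)


def triage(log_text):
    """Return {client_ip: (status, lookup_count)} for hosts that queried the domain."""
    hosts = defaultdict(lambda: {"lookups": 0, "failed": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:  # skip lines that do not fit the assumed layout
            continue
        _time, client, _qtype, qname, rcode = fields
        if not is_kill_switch(qname):
            continue
        hosts[client]["lookups"] += 1
        if rcode.upper() != "NOERROR":
            hosts[client]["failed"] += 1
    report = {}
    for client, counts in hosts.items():
        # Any failed lookup means the kill switch may not have fired on that host.
        status = "lookup-failed" if counts["failed"] else "lookup-resolved"
        report[client] = (status, counts["lookups"])
    return report


if __name__ == "__main__":
    for client, (status, count) in sorted(triage(SAMPLE_LOG).items()):
        print(client, status, count)
```

Every host in the report needs cleanup and patching either way; the status only helps decide which ones to pull off the network first.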

But it might not be over

Still, MalwareTech and others are warning people this ransomware attack isn't necessarily over.

"We haven’t seen a second spike in #WannaCry #ransomware attacks, but that doesn’t mean there won’t be one," the UK's National Crime Agency tweeted.

BleepingComputer reported a ransomware attack with a second kill switch was detected Sunday, though it was quickly shut down. Copycats have also cropped up.

And MalwareTech quickly noted "all [the attackers] need to do is change some code and start again," so it could easily be back out there.

So patch your computer

Microsoft issued a patch back in March that closed the security hole the malware takes advantage of. After the attack, Microsoft even took the step of issuing a security update for versions it doesn't support anymore: Windows XP, Windows 8, and Windows Server 2003.

Best Buy also has a short FAQ on things you can do to back up your data and protect yourself.

Not everybody has downloaded and installed the security updates, however, meaning they're still vulnerable.

Brad Smith, president and chief legal officer at Microsoft, also took a swipe at the NSA.

The security hole in Windows that the attackers used here was known and logged by the NSA. And in April, the hacker group Shadow Brokers leaked a bunch of data it said was from the NSA – including information about this security flaw.

Microsoft's Smith compared it to the military getting a Tomahawk missile stolen.

"The governments of the world should treat this attack as a wake-up call," he said.
