The actions of a quick-thinking cyber security expert may have saved untold thousands of computers around the world from infection by the ransomware known as "WannaCry", a form of malware that crippled hundreds of thousands of computer systems around the world when it was launched on Friday. Cyber-security experts are warning that the attack could rear its ugly head once again, and Microsoft has issued a stern warning against nation-state spy agencies that hoard such computer vulnerabilities instead of reporting them to the appropriate vendors, so that they can be rectified rather than turned into crippling weapons of mass extortion.
Following the start of Friday’s assault on computer systems around the world, a cyber security analyst known as MalwareTech found a vulnerability in WannaCry’s code: it had instructions to check in on an otherwise nonsensical URL to see if it had a live webpage on it. MalwareTech quickly purchased the oddball URL (for a mere $10.69) and posted a simple webpage on it (it simply says "sinkhole.tech – where the bots party hard and the researchers harder"), to see what would happen. This simple action wound up acting as an extremely effective kill switch that disabled WannaCry infections around the world.
MalwareTech warns that while this simple exploit was effective, it wouldn’t take much effort on the part of the ransomware attack’s perpetrators to alter the code to either change the kill switch, or to eliminate it altogether, allowing it to continue freezing infected computer systems. The attack is already considered the world’s largest of its kind: as of this writing, over 185,000 computer systems in 150 countries have been affected, and security experts are warning that WannaCry’s reign might not yet be over.
WannaCry makes use of a security vulnerability in older, now unsupported versions of Windows, such as XP, that had been discovered by the NSA, which hoarded knowledge of the exploit for its own purposes. In response to this, Microsoft President and Chief Legal Officer Brad Smith has issued a stern warning to world governments to stop stockpiling cyber-exploits such as this, and instead to report these vulnerabilities to their respective software vendors so they can be patched.
Citing the WannaCry attack as a wake-up call to the world’s governments, Smith renewed Microsoft’s call for the formation of a "Digital Geneva Convention", an agreement for nations to hand over their stockpiled computer exploits, to avoid putting civilian information networks — and possibly lives — in jeopardy.
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Smith asserts in his blog post on the matter. "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action."