WannaCry Is Trying To Come Back From The Dead With The Help Of Mirai Botnet

Short Bytes: The pace of WannaCry ransomware was slowed down by an accidental kill switch. Now, the notorious hackers are trying to reignite the ransomware. They are trying to do so by DDoSing the kill switch domains using botnets made of Mirai malware. Marcus Hutchins, who discovered the kill switch, says that these DDoS attacks don’t seem to be the work of the original WannaCry creators.

Over the last week, WannaCry ransomware targeted hundreds of thousands of computer systems running older operating systems like Windows XP and Windows 7. It crippled numerous systems in more than 150 countries. But after a security researcher accidentally found a distinct feature in the form of a kill switch, its pace was slowed down.

The kill switch worked this way: the ransomware, after infecting a computer, first tried to connect to a random-looking URL. This was done to make sure that the ransomware wasn’t under scrutiny. If WannaCry was able to connect to that URL, it went dormant.

Now, security researchers are claiming that the cyber criminals are working on a clever technique to bring the malware back from the dead.

According to a report from Wired, hackers are using botnets to launch a DDoS attack against the kill switch domains. If the domains are taken down, the attack might reignite. The report also notes that not all WannaCry infections would immediately reignite, as the ransomware stops scanning for new victims 24 hrs after installing itself on the computer.
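For incident responders, the two behaviours described above (dormant if the kill switch answers, scanning limited to 24 hrs after install) can be turned into a triage pass over logs. The following is an added example, not code from the article or from any researcher it cites; the log formats, host names and the `killswitch.example` placeholder domain are constructed assumptions.

```python
from datetime import datetime, timedelta

SCAN_WINDOW = timedelta(hours=24)  # article: scanning stops 24 hrs after install

# Constructed sample: availability probes of the kill-switch domain (placeholder name)
PROBES = """\
2017-05-19T10:00:00 killswitch.example up
2017-05-19T10:05:00 killswitch.example down
2017-05-19T10:10:00 killswitch.example down
2017-05-19T10:15:00 killswitch.example up
"""
# Constructed sample: first execution time of the ransomware per host (e.g. from EDR)
EXECUTIONS = """\
2017-05-19T10:02:00 host-a
2017-05-19T10:07:00 host-b
2017-05-19T10:16:00 host-c
"""

def parse_probes(text):
    """Return sorted (timestamp, is_up) tuples from probe log lines."""
    probes = []
    for line in text.splitlines():
        ts, _domain, state = line.split()
        probes.append((datetime.fromisoformat(ts), state == "up"))
    return sorted(probes)

def reachable_at(probes, when):
    """State of the most recent probe at or before `when`; None if none exists."""
    state = None
    for ts, up in probes:
        if ts > when:
            break
        state = up
    return state

def triage(probe_text, exec_text):
    """Map host -> (status, end of scanning window or None)."""
    probes = parse_probes(probe_text)
    report = {}
    for line in exec_text.splitlines():
        ts, host = line.split()
        started = datetime.fromisoformat(ts)
        if reachable_at(probes, started):
            report[host] = ("dormant", None)  # kill switch answered
        else:
            # Down or unknown: assume active and prioritise for containment
            report[host] = ("active", started + SCAN_WINDOW)
    return report
```

Hosts with no probe data before their execution time are deliberately treated as active, since an unknown kill switch state should not clear a machine.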


Marcus Hutchins, aka Malwaretech, who discovered the kill switch, says that near-daily attacks from the botnets built with Mirai malware are slowly ticking up in impact and size. The first big DDoS attack came with 20 gigabits per second of traffic.

Hutchins says that setting up a Mirai botnet is very easy and the latest attacks don’t seem to be the work of the original WannaCry creators. “The initial developers were doing it for money,” he adds. “These people are doing it just for the fun of hurting people. Which I guess is worse.”

Meanwhile, security researchers have been able to find a fix for WannaCry ransomware, which can be downloaded here.

