【】
When it comes to online currency, lulz just might outvalue Bitcoin.
A unknown group of hackers is working behind the scenes to restart the ransomware WannaCry, and one security expert believes the culprits this time around aren't who you think.
And neither is their motivation.
SEE ALSO:It won't be easy for WannaCry hackers to get their cashContrary to what you might expect, it appears not to be the initial group responsible for WannaCry now working to startle the ransomware monster awake from its slumber. Rather, we may have some internet randos to thank.
Why? The leading theory, proposed by security researcher Marcus Hutchins, suggests it's all about shits and giggles.
WannaCry rushed onto the international scene on May 12, infecting and encrypting hundreds of thousands of computer systems running unpatched Windows operating systems. The ransomware demanded that victims pay around $300 in the cryptocurrency Bitcoin to their attackers if they ever wanted to see their files again.
"Yeah, it's most likely scriptkiddies doing it for lulz."
Some paid up, but computers stayed encrypted.
And while the damage was bad — England's National Health Service was hit particularly hard — it could have been a lot worse. The ransomware -- which utilized a stolen NSA exploit called EternalBlue -- stopped spreading when Hutchins registered a mysterious domain he discovered in the malware code and sinkholed it.
Hutchins explained the process on his blog, noting that "a sinkhole is a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them."
The ransomware, it seems, was designed to contact Hutchins' domain before it spread to the next victim. Hutchins' registration of that domain created a kind of kill switch — effectively telling WannaCry to stop spreading.
As long as that domain, and one other discovered and sinkholed by a different researcher, remain up and active the ransomware won't spread. Which brings us back to our lulz-pirates.
Hutchins has observed an intentional distributed denial of service attack aimed at his domain with the apparent goal of knocking it offline. Wiredreports that the traffic appears to be coming courtesy of the Mirai botnet — the same botnet, comprised of IoT devices like wireless security cameras, that brought down parts of the internet in the fall of 2016.
Tweet may have been deleted
Why would anyone do this? Could the initial WannaCry developers simply want more computers infected with the hope of making more money? Probably not.
As Hutchins confirmed via Twitter direct message, the initial attackers can't appear to even keep up with the volume of decryption requests they've already received.
"[The] decryption system is stupid and completely unscalable," he observed.
In other words, infecting more computers won't exactly translate to more Bitcoin in their wallets. That leaves another possibility: someone just looking to mess with people.
"Yeah, it's most likely scriptkiddies doing it for lulz," Hutchins further speculated — using a term that refers to relatively low-skilled hackers.
So there you have it. If someone manages to knock Hutchins' sinkhole offline, allowing WannaCry to spread further in the process, you'll likely have some random prankster with a messed up sense of humor to thank.
But don't stress about it too much. "The DDoS is unlikely to be successful," reassures Hutchins.
Phew. Now if only Hutchins could solve our other internet security problems.
Featured Video For You
This lightbulb levitates and could last up to 22 years
TopicsCybersecurity
相关文章
- SINGAPORE -- Getting stuff done at the bank often involves having to waste part of your day standing2024-11-21
- NOTE FOR 2022 READERS: This is the 19th in a series of award-winningopen letters to the next century2024-11-21
'Dordle' is a simultaneous double
Another day, another Wordle, and also another Wordle clone offering a delightful or diabolical twist2024-11-21Why MSI's Business Solutions Will Improve Your Office
The tech standards for a modern workplace are constantly evolving. While the cloud has made storage2024-11-21Two astronauts just installed a new parking spot on the International Space Station
UPDATE: Aug. 19, 2016, 2:04 p.m. EDT 。 Astronauts Kate Rubins and Jeff Williams are back in the Inter2024-11-21The creator of Instagram account indiesleaze weighs in on the 'vibe shift'
Have you heard? There may or may not be a vibe shift coming. And the vibe may or may not be shifting2024-11-21
最新评论