Famed painter and TV personality Bob Ross was beloved for his soothing instructional style and effortless technique, but he was also well known for referring to his occasional painting mistakes as “happy little accidents” which would quickly be transformed into art. In the technology industry, “accidents” are rarely happy and even the little ones have a tendency to “go big” way too often, but this past weekend a British security researcher for Ars Technica briefly held back the WannaCry horde purely by accident, possibly long enough for Microsoft to rally and release an out-of-band patch for the old operating systems that were being hit hardest by the malware.
Tell us a story, Woo!
I’d like to say that his exploits would make for a great Hollywood movie, but that would be a happy little lie. Instead, the researcher known as “MalwareTech” registered a domain name he found in the code of WannaCry as part of standard operating procedure. Contemporary malware often uses random/junk domain names to host command and control infrastructure used to direct activities of their bot armies, and security researchers like our hero often register any unregistered domains they find in malware code in order to “sinkhole” infections and dismantle bot armies built around domains now under the control of the good guys. Think of it as a virtual sting operation. Usually this would put a small dent in the overall cyberattack, but in this case the WannaCry malware stopped in its tracks as, in this case, the domain was designed as a kill-switch. Once the malware saw that the domain actually existed on the internet, it was programmed to stop working.
Sadly, this wasn’t the triumphant conclusion to an epic trilogy, but the dark, middle chapter in the ongoing war: shortly after the accidentally won respite, new variants of WannaCry started propagating sans the kill-switch, and the battle is rejoined. Fortunately for the “good guys” Microsoft issued emergency patches for Server 2k3 and Windows XP and several other End-of-life operating systems still in wide use around the world, but this desperate Hail Mary only prolongs the slow slide into complete obsolescence for some companies that foolishly cling to unsupported technology in a classic example of “penny-wise, pound foolish.”
Despite the brief, shining moment of hope, the kill-switch didn’t magically undo the thousands of encrypted hard drives already kidnapped by WannaCry. Unless they have backups of their data, the victims face the hard choice of paying the ransom or wiping it all out and starting from scratch. And even if they are able to restore from backups, will the sting of this attack be enough to galvanize change, or just another Sisyphean trudge up a well-worn hill?
Image courtesy of Stuart Miles at FreeDigitalPhotos.net