Huge Ransomware Attack Stopped by Accident: What to Do

A massive ransomware attack spread across the globe Friday (May 12), with reports of computer systems being locked up in Russia, Western Europe, East Asia and North America. British hospitals and a Spanish telecom were the most visible victims, but the largest number of attacks seemed to be in Russia.

The Spanish telecommunications giant Telefonica had its systems brought down by ransomware that showed a ransom screen nearly identical to those hitting English hospitals, according to a report by the newspaper El Mundo.

“I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental,” MalwareTech tweeted late on Friday. “So I can only add ‘accidentally stopped an international cyber attack’ to my résumé.”

If you haven’t updated your systems to prevent infection by WanaCryptor, do so immediately, because MalwareTech’s kill switch is not a permanent solution.

“One thing that is very important to note is our sinkholing only stops this sample,” he noted in his blog posting. “There is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible.”