The new ‘WannaCry’ ransomware that swept through Russia and Europe overnight has had its spread stifled by an eagle-eyed malware expert. However some are arguing this type of ransomware could sound the death knell for Bitcoin.
Cybersecurity researcher @malwaretechblog began scanning the new ‘WannaCry’ ransomware code when news of the its rapid spread broke yesterday in the UK. As it spread through Europe, Russia and Asia, he noticed the program had what looked like an embedded “killswitch” that enabled him to stop the spread of the malware — by registering a domain referenced within the code.
This particular ransomware is a variation of programs that were exploited by the NSA, and later dumped online by a group calling themselves ‘Shadow Brokers’. It exploits weaknesses or backdoors in security systems and then encrypts the data, demanding a bitcoin ransom payment in return for decryption. It has been reported that at least $17k had already been paid out to the attacker before @malwaretechblog happened upon the solution.
For the small sum of $10.69 he was able to halt the spread, as the ‘killswitch’ stopped the malware if the domain it made a request to went live. Unfortunately, the solution did not come quick enough for Britain’s NHS system, which was the highest profile victim. At one stage the NHS’s critical medical infrastructure was unable to be used due to the malware.
‘Accidental Hero’ Halts Spread of Ransomware Attack
Ryan Kalember from the UK security firm Proofpoint, called @malwaretechblog an ‘accidental hero’; the twitter security researcher wasn’t aware of the significance of registering the domain until after he purchased it.
I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.
— MalwareTech (@MalwareTechBlog) May 13, 2017
Stopping the spread of the ransomware cannot not help machines already infected, nor can it stop further variations emerging, but it has given those outside of Asia and Europe time to patch their systems to prevent the ransomware from affecting their systems.
Many companies responded quickly by providing patches for their users, with Microsoft going as far as providing solutions for unsupported products, as @malwaretechblog noted:
Shout out to Microsoft who released an out of bounds patch for Windows XP (no longer supported).https://t.co/AEKU8MEsCO
— MalwareTechLab (@MalwareTechLab) May 13, 2017
Possibility of a Bitcoin Backlash?
While bitcoin users immediately worried about the negative publicity they feel will be generated by the ransomware for using bitcoin, the bigger problem is the speed and effectiveness with which these ransomware attacks spread, and the vulnerabilities that appear in such a wide range of critical systems.
Somewhat presciently, on 5th May The Daily Reckoning published what seemed like just another overblown, clickbait article titled ‘The Death of Bitcoin’. Most of the comments lambasted the authors for yet another Bitcoin “obituary” — but remarkably, the death they envisioned stemmed from exactly what occurred a week later: ransomware attacks. The authors theorized that when there’s a ransomware attack on vital US infrastructure or where American lives are a stake, then “that’s when the encrypted emperor will be stripped naked. Bitcoin will bear the full brunt of a media and government onslaught”.
With the ever-increasing sophistication of hackers and hacking tools, combined with leaks from secretive government agencies, ransomware will not be going away any time soon. Whether Bitcoin gets dragged into the fallout of a major attack is only a guess at this stage, but regardless, most of the community agrees — eventually the government will come for Bitcoin.
Could WannaCry still have fallout for the Bitcoin community? Let’s hear your opinions.
Images via Pixabay