Hackers are trying to bring the WannaCry ransomware back from the dead

froggyboy604
Interestingly enough, security researchers now claim that there’s a clever and concerted campaign to bring the malware back from the dead. The strategy? Taking the kill-switch domain off-line by any means necessary.

According to a report from Wired, botnets are now being mobilized to launch a DDoS attack against the kill-switch domain.

Now a few devious hackers appear to be trying to combine those two internet plagues: They’re using their own copycats of the Mirai botnet to attack WannaCry’s kill-switch. So far, researchers have managed to fight off the attacks. But in the unlikely event that the hackers succeed, the ransomware could once again start spreading unabated.


I wonder if the kill-switch domain owner would eventually let the domain expire someday, sell it, or keep the killswitch domain running until most WannaCry infected computers spreading Ransomware are gone.

Hopefully, the DDoS against the Killswitch domain does not slow down other web users and websites that use the same connection or server, if it is using shared or VPS web hosting.
 
Figures someone wants to bring it back; hopefully it won't happen, or won't come back even worse.
 
> Figures someone wants to bring it back; hopefully it won't happen, or won't come back even worse.

I think as long as the website domain name server/DNS name server for the domain name is online, the killswitch will be activated, so the original WannaCry can't spread. But, clones of the WannaCry Ransomware can spread if there is no killswitch domain, or the killswitch domain is different.

I think once most of the infected computers are taken offline, and users patch their version of Windows, and use a firewall program to block the SMB port 445, the chance of getting infected by the WannaCry security vulnerability is less likely.

Hopefully, the killswitch domain can handle the many DDoS botnet attacks for long enough where most users can update their version of Windows, and secure their Windows computer with a firewall, antivirus, and other security software.
 
At first I thought, couldn't they just change the code to check for another random domain? But then I realised people could just buy that domain again as well. Is there no way for them to hide the domain in the code? (Hopefully not, of course, I'm not supporting the hackers :grin:)
 
> At first I thought, couldn't they just change the code to check for another random domain? But then I realised people could just buy that domain again as well. Is there no way for them to hide the domain in the code? (Hopefully not, of course, I'm not supporting the hackers :grin:)

Newer versions of the WannaCry Ransomware no longer come with a KillSwitch domain. Some ransomware makers do not want their ransomware to ever die until all infected computers with their ransomware on them are disconnected from the internet.

Creating a Killswitch domain can cause the government to take control of the domain, and turn ON the killswitch.

I think there are ways to hide the domain name better in the code, but the internet service provider, network admin, and security researchers can use an internet tracking program to see what killswitch domain name a Ransomware is trying to look for when it checks for a Killswitch domain.
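The last post's point, that the kill-switch lookup itself is visible on the network, is the basis of a simple detection a network admin can run over DNS query logs. The script below is an added example written for this thread, not code from any poster or from the Wired report. Everything in it is constructed: the log line format (`timestamp client qname`), the sample log, the placeholder watchlist names (the real kill-switch domain is deliberately not reproduced), and the thresholds for the "random-looking label" heuristic, which goes slightly beyond the thread by also flagging lookups to long high-entropy names, the kind of throwaway domain a copycat might register as its own kill-switch. Because the malware performs the lookup before it decides whether to spread, a host that queries a kill-switch domain is a host on which the malware is already executing, which is why it is worth isolating and patching rather than just blocking the query.

```python
"""Flag hosts whose DNS queries hit a kill-switch watchlist or look randomly generated.

Added example for the thread above; log format, domains and thresholds are
constructed for illustration and are not real indicators.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed watchlist of kill-switch / sinkhole names. In practice this is
# fed from a threat-intel list; these are placeholders, not real domains.
KILLSWITCH_WATCHLIST = {
    "killswitch-placeholder-1.example",
    "killswitch-placeholder-2.example",
}

# Assumed thresholds for the "random-looking" heuristic (tune for your network).
MIN_RANDOM_LABEL_LEN = 20   # characters in the left-most label
MIN_RANDOM_ENTROPY = 3.5    # Shannon entropy in bits per character

# Assumed log layout: "<timestamp> <client IPv4> <queried name>".
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\d+\.\d+\.\d+\.\d+)\s+(?P<qname>\S+)$")

# Constructed sample log: one watchlist hit, one uppercase hit with a trailing
# dot, one random-looking name, and a malformed line that must be skipped.
SAMPLE_LOG = """\
2017-05-22T10:00:01Z 10.0.0.5 www.example.org
2017-05-22T10:00:02Z 10.0.0.5 killswitch-placeholder-1.example.
2017-05-22T10:00:03Z 10.0.0.7 update.example.net
2017-05-22T10:00:04Z 10.0.0.9 xq7hv2kd9sl3mzp4wn8rtbyc0fge6uaj.example
2017-05-22T10:00:05Z 10.0.0.7 KILLSWITCH-PLACEHOLDER-2.EXAMPLE
malformed line that should be skipped
"""


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def classify(qname):
    """Return 'watchlist', 'random-looking' or 'benign' for a queried name."""
    name = normalize(qname)
    if name in KILLSWITCH_WATCHLIST:
        return "watchlist"
    first_label = name.split(".")[0]
    if (len(first_label) >= MIN_RANDOM_LABEL_LEN
            and shannon_entropy(first_label) >= MIN_RANDOM_ENTROPY):
        return "random-looking"
    return "benign"


def parse_line(line):
    """Parse one log line into (timestamp, client, normalized qname) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("client"), normalize(m.group("qname"))


def analyze(log_text):
    """Map each client IP to the list of (timestamp, qname, verdict) it triggered."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the assumed layout
        ts, client, qname = parsed
        verdict = classify(qname)
        if verdict != "benign":
            findings[client].append((ts, qname, verdict))
    return dict(findings)


def hosts_with_watchlist_hits(findings):
    """Clients that resolved a watchlist name: the malware is running there."""
    return sorted(client for client, hits in findings.items()
                  if any(verdict == "watchlist" for _, _, verdict in hits))


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for client, hits in sorted(result.items()):
        for ts, qname, verdict in hits:
            print(f"{ts} {client} {qname} -> {verdict}")
    print("isolate and patch:", hosts_with_watchlist_hits(result))
```

The watchlist match is the reliable signal; the entropy heuristic only produces candidates for an analyst to review, since legitimate CDN and tracking hostnames also use long opaque labels.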
 