Franklin, Andrews, Kramer & Edelstein

[BullNBear52]

What We Know and Don’t Know About the International Cyberattack
By RUSSELL GOLDMANUPDATED 9:12 AM

...How Was the Attack Curbed?

¦ The attackers, who have yet to be identified, had included a “kill switch” in their attack, a way of disabling the malware in case they wanted to shut down their activities. To do so, the assailants included code in the ransomware that would stop it from spreading if the virus sent an online request to a specific website, such as one created by the attackers.

¦ When the 22-year-old British researcher whose Twitter handle is @MalwareTechBlog saw during the attack that the kill switch’s domain name had not been registered, he bought it himself. By making the site go live, the researcher inadvertently shut down the attack before it could fully spread to the United States, experts said. (He confirmed his involvement and wrote a blog post about it but insisted on anonymity because he did not want the public scrutiny.)

¦ “The kill switch is why the U.S. hasn’t been touched so far,” said Matthieu Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates. “But it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name.” ...

https://www.nytimes.com/2017/05/12/world/europe/international-cyberattack-ransomware.html?