'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack [View all]

From the Guardian


"Saturday 13 May 2017 00.11 EDT
First published on Friday 12 May 2017 21.41 EDT

An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.

The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software."

https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack?CMP=share_btn_tw


Looks like it had a built in kill switch. It would check if a domain was live. And if it was live (AKA registered) it would shut down.