samiux

The latest news about WannaCry in Hong Kong yesterday night advising your systems to disconnect to the internet is in question.

Beware that when your systems are already infected with WannaCry or its variants, you should allow the systems to connect to internet in order to communicate with the kill-switches that are registered by the Infosec Researchers.  When your infected systems can communicate with the kill-switch domains, the malware will be quited and the encryption stopped.

Update reason :
- fix typo

samiux

It seems WannaCry and its variants are under control.  Thanks for the 2 outstanding Infosec Researchers to discover the hidden domains and registered the kill-switch domains as well as allows all users in the world to connect to in order to sinkhole it.  Thanks again. :D

When your system or network can access the following 2 domains (at the moment), the malware will quit and do not encrypt your box, they are :

iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

or

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

If your system cannot access internet, you can create a website internally and allows port 80 to be accessed on the said domains.

By the way, even if your systems and network do not seem to be affected, make sure to update your systems with Microsoft patches.

Samiux

Update reason :
- typo fixes

samiux

The third sinkhole domain is :

ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com

or

www.ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com

Make sure the above said 3 domains are not being blocked.

Samiux