You are reading a single comment by @Greenbank and its replies.
Click here to read the full conversation.
London Fixed Gear and Single-Speed is a community of predominantly fixed gear and single-speed cyclists in and around London, UK.
This site is supported almost exclusively by donations. Please consider donating a small amount regularly.
@Greenbank
It should stop spreading now, someone analysing it found that it had a kill switch. If a specific random looking domain existed then it would stop spreading. A security research found the domain referenced in the payload and registered it before realising it was a kill switch.
Doesn't help anyone that is already infected though, wipe and reinstall for them and hope their data is backed up properly (and they haven't overwritten the good backups with the encrypted files...)
It's going to be fun mopping up after this, maybe it's the wake up call that is required for people to take IT security seriously, and for the NSA to come clean about what else it has in its locker (this malware was based on the stuff stolen from the NSA a few years ago).