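Days after the outbreak of the WannaCry ransomware, the world still has no idea who started it. As speculation runs high, some say that North Korea could be behind all this. Experts say it's not impossible, but it's still too early for any conclusion.

The huge cyberattack has begun to ebb since its start in May. Marcus Hutchins, a British cybersecurity engineer, has been credited with stopping the ransomware. He spent about NT$322 registering a domain name hidden in the malware to track the virus, considerably slowing down its spread.

British media reported that the ransomware sends a signal to a domain name before it spreads the virus. In normal circumstances, the domain name is not registered and does not respond to the virus. That's when the virus is spread to computers through the domain name. The virus stops spreading once the registered domain name responds to it. Hutchins modestly said he was not the only one stopping the virus. Hundreds of others also helped.

==MARCUS HUTCHINS British Cybersecurity Engineer==
The community, the security community. They've been a huge help, we've got providers sort of mucking in, a few free servers, AVS, service clubs, keeping our site up. So, it's not a single-man job, I mean, I may have registered the domain name, but there have been 100s of people who have helped me.

According to Hutchins, the halt is temporary because there might be another wave of attacks if the virus mutates. The culprit of the cyberattack was allegedly linked to a mysterious hacker collective called Lazarus, which might have something to do with North Korea.

==ERIC CHEN Cybersecurity Company==
Lazarus was behind the attacks on Sony and the Bangladesh banks for example. But these indicators are not enough to definitively say it's Lazarus at all yet.

Experts say the WannaCry program used code similar to that of malware previously distributed by the Lazarus Group. However, it's possible the code was simply copied from the Lazarus malware to pass the attack off as North Korea's.

Other experts point out that time stamps within the original WannaCry code are set to China's time zone and that the text demanding the ransom uses what reads like machine-translated English, while the Chinese segment is apparently written by a native Chinese speaker. Whether Chinese hackers are the culprits is under discussion within the cybersecurity industry.

TRANSLATED BY: BRYANT CHANG

No group has yet come forward to claim responsibility for the "WannaCry" ransomware that has swept across computers worldwide. Some observers have linked this cross-border cyberattack to the tense situation on the Korean Peninsula and allege that North Korea may be responsible. Information security experts say this is not impossible, but that it is too early to draw a conclusion.

The "WannaCry" ransomware, which has swept the world since May, recently stopped spreading. The reason is that a British information security engineer spent about NT$322 to register a domain name mentioned in the virus code, greatly slowing the spread of the virus.

British media pointed out that before it spreads, the WannaCry virus sends a signal to a certain domain name. Normally, when the domain is not registered, it does not respond to the virus, and the virus then spreads from this domain onto computers.

When the virus strikes and the registered domain name responds, the virus mistakenly concludes that the computer is protected by antivirus software, so it stops spreading to avoid being removed by that software. In response to the praise, Hutchins modestly said that the credit is not his alone.

==British Information Security Engineer Hutchins==
The industry, that is, the information security industry, has given us a lot of help. We have benefited a great deal. OVH provided us with three free servers, and Cloudflare helped us keep the site up. This is not something one person could handle. All I did was register the domain, but it is really the result of the efforts of thousands upon thousands of people.

However, Hutchins said that this halt is only temporary, and that the virus may still mutate and then spread again. As for who is behind this hacking attack, observers point to a mysterious cybercrime group, Lazarus, which may be linked to North Korea.

==Antivirus Software Industry Researcher Eric Chen==
Lazarus has been accused of involvement in the (2014) Sony case and the (2016) Bangladesh bank hacking case. But the evidence is not yet sufficient to confirm it.

Experts point out that the code of the WannaCry virus does resemble code from past cases in which Lazarus was accused of involvement. But it could also simply have been copied and used, falsely under North Korea's name.

Other experts suspect otherwise: WannaCry's original code contains China's time zone, and while the ransom notes in the various languages all show traces of machine translation, the Chinese portion is fluently written. Whether Chinese hackers are responsible is therefore also under discussion in the information security industry.

Reported by 徐家仁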
WANNACRY STOPPED BY 22 YEAR OLD AND NET COMMUNITY|"WannaCry" virus from North Korea? Security experts: too early to conclude