WannaCrypt ransomware hit Pakistan but was stopped by a magic kill-switch

06:17 PM | 13 May, 2017
WannaCrypt ransomware hit Pakistan but was stopped by a magic kill-switch
In April of this year an online group called The Shadow Brokers released a treasure trove of documents and tools stolen from the US security agency NSA who used these tools to hack and spy on computers all over the world. Among them was a tool codenamed Eternalblue. EternalBlue used a previously unknown vulnerability in Windows computers to make its way into an unsuspecting network of computers.

The security leak by the NSA made all these tools available to the public to use in any they wanted. Someone, we don't yet know who, weaponized this tool and turned it into a ransomware software. What 'ransomware' basically does is hold a metaphorical gun to your computer's head, allowing hackers to hold your computer hostage until you pay them. If you refuse, you lose all your data and your files.

The result was WanaCrypt0r 2.0, or WannaCrypt. This tool travels from computer to computer on a network hidden in Word Documents and PDFs. Once it installs itself on the host computer it encrypts all the files on that system, making them unsuable. Then it displays a message telling the user what it has done and demands $300 to free the now hostage computer.

Related: Hospital computers across England shut down by cyberattack, reports of hackers demanding ransom

WannaCrypt attacked computers in Britain's NHS yesterday and from NHS' internal network it spread all over the world. Its victims include hospitals and some of the world's largest companies, including the Telecom giant Telefonica in Spain. This prompted Microsoft to release urgent security patches and taking the unprecedented step of releasing a security patch for Windows XP, an operating system that Microsoft has stopped supporting.

The spread of WannaCrypt Malware - Image: MalwareTech
The spread of WannaCrypt Malware - Image: MalwareTech

But then suddenly, on the morning of 13th May (PST), the virus stopped spreading. This was because of one man and his dicovery of a magic kill-switch inside the tool.

Twitter user MalwareTech, a security analyst, dicovered a line of code inside the tool. That line checked for a domain, a URL on the internet, before spreading itself. The tool checked for the existence of a domain, and if it existed, it would not spread itself. But if the domain didn't exist, it would keep spreading - but malwareTech didn't know that part. That domain was "". Since no one had registered or owned the domain before, MalwareTech decided to register that domain on a hunch. As soon as MalwareTech registered that domain, the virus stopped spreading - as if by magic.

The threat still exists

MalwareTech's actions have temporarily stopped the spread of this virus and there is a strong chance that it will return, better and stronger.

Microsoft has released patches for WannaCrypt for all versions of its Windows Operating System. If you have Automatic Updates enabled on your computer, you are already patched. You can also download these patches from the windows website, as instructed in their security bulletin.

If you run Windows XP, you should immediately upgrade because Windows has stopped supporting this operating system. Even though Microsoft released a patch for WannaCrypt this time, there is no guarantee that Microsoft will do so for similar attacks in the future.

WannaCrypt in Pakistan

According to the map and data provided by MalwareTech, WannaCrypt has already hit Pakistani computers, particularly in Islamabad. However, it was stopped by our hero, MalwareTech before it did large-scale damage in Pakistan. This may prove temporary, therefore all Pakistani Windows users are advised to apply the security patches provided by Microsoft.

There are many universities, schools, hospitals and government offices that still use Windows XP. Windows XP is an insecure and unsupported system. Older systems can either be switched to Linux, which is a far more secure operating system, or to newer versions of Microsoft Windows, if the hardware is supported.

Waqas Ahmed is Editor, Digital Media, at Daily Pakistan Global. You can reach him at


Currency Rates in Pakistan - Pakistani rupee exchange rate against US dollar, Euro, Pound and Riyal - 24 Feb 2024

Pakistani currency remains largely stable against US dollar and other currencies in the open market on February 24, 2024.

US Dollar rate in Pakistan

In the open market, the US dollar was being quoted at 279.5 for buying and 282.55 for selling.

On Saturday, Euro stands at 302  for buying and 305 for selling while British Pound rate stands at 352.5 for buying, and 356 for selling.

UAE Dirham AED hovers at 76.1 whereas the Saudi Riyal saw slight increase, with new rates at 74.35.

Today’s currency exchange rates in Pakistan - 24 February 2024

Source: Forex Association of Pakistan. (last update 09:00 AM)
Currency Symbol Buying Selling
US Dollar USD 279.5 282.55
Euro EUR 302 305
UK Pound Sterling GBP 352.5 356
U.A.E Dirham AED 76.1 76.8
Saudi Riyal SAR 74.35 75.1
Australian Dollar AUD 181 183
Bahrain Dinar BHD 743.88 751.88
Canadian Dollar CAD 207 209
China Yuan CNY 38.89 39.29
Danish Krone DKK 40.38 40.78
Hong Kong Dollar HKD 35.76 36.11
Indian Rupee INR 3.37 3.48
Japanese Yen JPY 2.10 2.18
Kuwaiti Dinar KWD 908.79 917.79
Malaysian Ringgit MYR 58.6 59.2
New Zealand Dollar NZD 171.68 173.68
Norwegians Krone NOK 26.43 26.73
Omani Riyal OMR 726.53 734.53
Qatari Riyal QAR 76.76 77.46
Singapore Dollar SGD 207 209
Swedish Korona SEK 26.53 26.83
Swiss Franc CHF 317.87 320.37
Thai Bhat THB 7.79 7.94


Follow us on Facebook

Follow us on Twitter

Sign up for Newsletter