A warning screen from a purported ransomware attack photographed by a computer user in Taiwan on May 14. Photo: AP

Chinese cybersecurity firm claims to have developed WannaCry virus ‘vaccine’

Rising, a firm that provides network security service to the Chinese government, says its vaccine will destroy ‘all known and future ransomware’

In the wake of the WannaCry global cyberattack, a Chinese cybersecurity firm claims to have developed a “vaccine” for all ransomware viruses that will work even with new variants that have yet to surface.

Rising, which provides network security services to the Chinese government, released a free programme on its website on Friday that it said would protect computers from all ransomware, including the WannaCry worm that has affected companies, institutions and individuals around the world since last week.

Rising’s antivirus products are used in the Communist Party headquarters, State Council, Ministry of Public Security and other government agencies.

A programmer shows a sample of decrypting source code in Taipei, Taiwan. Photo: EPA

Tang Wei, the company’s vice-president, said Rising had analysed all the strains of all known ransomware using artificial intelligence and found that the malicious programmes shared up to 80 behavioural traits.

Rising’s “vaccine”, called Rising Sword, worked by presenting the virus with a “bait”, according to Tang.

When suspicious behaviour is detected in response to the bait, the programme then proceeds to isolate the virus and suppress its malicious code.

A message would then pop up on the computer screen to alert the user, he said, without going into further technical details.

“[The programme works] not only for known ransomware but also all their future variations, as long as they encrypt files or extort money,” Tang said.

The WannaCry ransomware combined a known and highly dangerous security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks. Photo: AP

But the programme cannot help infected users recover their encrypted files, according to Rising. Its user interface is in Chinese and cannot be used on mobile devices.

Li Xinyou, deputy network security director of the State Information Centre, a government think tank that manages China’s economic data, said he had seen the programme in operation and that its performance was “impressive”.

 

“They’ve come up with an effective, comprehensive solution in a relatively short period of time … that’s not easy,” he said at a press conference in Beijing on Friday.

A cybersecurity expert at the Chinese Academy of Sciences said Rising’s new tool possibly used a clever algorithm to exploit common weaknesses found in ransomware.

Its effectiveness remains to be seen, however.

The WannaCry code was said to be based on the Eternal Blue cyberweapon leaked from the US National Security Agency at Fort Meade, Maryland, above. Photo: AFP

But the biggest threat to cybersecurity was not ransomware, he said, but the leaked US cyberweapons, on which the WannaCry code was based.

“These leaks can turn any kind of virus into a weapon of mass destruction,” said the expert, who asked not to be named.

The WannaCry ransomware that has plagued computer users in more than 150 countries since last week is based on the US National Security Agency’s Eternal Blue cyberweapon, which was used to conduct extensive hacking activities.

 

The ransomware is spread through phishing emails that trick victims into opening malicious attachments and links. The worm then infects unpatched computer systems, encrypting their data and demanding payment to restore access.

In China, WannaCry disrupted operations in tens of thousands of Chinese firms and institutes. It also affected public services including petrol stations, automated teller machines and hospitals.

This week, the Shadow Brokers – a hacker group believed to be linked to the leak of the US government’s cyberweapons – threatened to release more hacking tools.

Unlike WannaCry, which targeted older computer systems, the new viruses are expected to exploit newer computers running Windows 10 or mobile devices using the Android operating system.

This article appeared in the South China Morning Post print edition as: Firm claims ‘vaccine’ can ward off all ransomware