S Hodkinson - Saturday, May 13, 2017 1:37 AM
Indeed.
How One Simple Trick Just Put Out That Huge Ransomware Fire
Whoever was behind the ransomware included a feature designed to detect security tools that would fake internet access for quarantined PCs by using a single IP address to respond to any request the computer made. This is a feature of a "sandbox," where security tools test code in a contained environment on a PC. When MalwareTech registered his domain to track the botnet, the same IP address was pinged back to all infected PCs, not just sandboxed ones. "So the malware thought it was in a sandbox and killed itself. Lol," MalwareTech said. "It was meant as an anti-sandbox measure that they didn't quite think through."
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho