The full extent of the global ransomware cyberattack dubbed WannaCry was slowed, in part, by a 22-year-old on his day off work.
Marcus Hutchins started jumping around when he realized he’d discovered a “kill switch” for the cyberattack, he wrote in a blog post titled How to Accidentally Stop a Global Cyber Attacks (sic).
Hutchins, who goes by the name Malware Tech online, learned about the cyberattack’s severity on Friday with the news that England’s National Health Service (NHS) had been hit by malware, crippling some hospitals and clinics.
WATCH: Cybersecurity expert credits British man with saving U.S. from ‘WannaCry’ cyberattack
WannaCry has so far infected more than 300,000 machines in 150 countries. Just one wrong click on an infected link can lead to all devices on a shared network being taken over by the malware; a cash payment is then demanded in order to regain access to files — hence the name “ransomware.”
Hutchins’ quick work Friday has been credited with slowing the spread; he outlined the “crazy events” of that day in his blog post.
Get daily National news
He started analyzing the malicious software and noticed its code included a web domain that wasn’t registered. He quickly registered the domain for about C$15, according to The Guardian.
Meanwhile, in the U.S., Darien Huss, a 28-year-old research engineer in Michigan, said he noticed the authors of the malware had left in a feature known as a kill switch. Huss took a screen shot of his discovery and shared it on Twitter.
WATCH: Online expert on protecting yourself from ‘WannaCry’ ransomware cyberattack
Together, he and Hutchins found that registering the domain name and redirecting the attacks to a separate server activated the kill switch, halting WannaCry infections.
Hutchins said he didn’t realize at first that he had stalled WannaCry by registering the domain; he called the discovery “accidental.”
https://twitter.com/MalwareTechBlog/status/863187104716685312
“Now you probably can’t picture a grown man jumping around with the excitement of having just been ransomwared, but this was me,” Hutchins wrote in his blog post.
Hutchins has been overwhelmed by online messages and media requests since his role in controlling the threat came to light.
On Twitter, Hutchins posted about his “doorbell going constantly” after he woke up to find his picture on the front page of Britain’s Daily Mail.
As it turns out, many of his friends didn’t even know about his work and online presence as a malware investigator.
https://twitter.com/MalwareTechBlog/status/863621932910075904
Hutchins said he has stayed anonymous in the past in order to maintain his safety.
“Obviously we’re working against bad guys and they’re not going to be happy about this,” he told the Guardian.
However, the fight against ransomware is far from over; Hutchins told the BBC he predicts “another one coming.”
Hutchins is now working with Britain’s National Cyber Security Centre to head off another attack.
— With files from The Associated Press and Andrew Russell
Comments