What is ransomware?
Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, which exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.
The ransomware used in Friday’s attack wreaked havoc on organisations including FedEx and Telefónica, as well as the UK’s National Health Service (NHS), where operations were cancelled, X-rays, test results and patient records became unavailable and phones did not work.
The young cyber expert who saved the NHS from hackers is working with GCHQ to head off another attack, it has been claimed.
Marcus Hutchins has been credited with stopping the WannaCry ransomware attack from spreading across the globe by accidentally triggering a “kill switch”. The self-taught 22-year-old took just a few hours to stop the breach, which had already spread to more than 200,000 victims – including the NHS – across 150 countries.
The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.
MalwareTech explained that he bought the domain because his company tracks botnets, and by registering these domains they can get an insight into how the botnet is spreading. “The intent was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain,” he said. But the following hours were an “emotional rollercoaster”.
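For defenders, a lookup of the kill-switch domain from an internal machine is a sign that the malware has run there, so resolver logs can be used to find hosts that need isolating and patching. The sketch below is an added example, not code from the article or from MalwareTech; the domain is a placeholder (the article does not give the real one) and the log format and sample lines are constructed.

```python
import re
from datetime import datetime

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log (hypothetical format: time, client IP, query name, type).
SAMPLE_LOG = """\
2017-05-12T15:03:11 10.0.4.17 www.example.org. A
2017-05-12T15:03:12 10.0.4.17 KillSwitch-Placeholder.example. A
2017-05-12T15:03:40 10.0.9.2 killswitch-placeholder.example A
2017-05-12T15:04:02 10.0.4.17 killswitch-placeholder.example. A
2017-05-12T15:04:05 10.0.7.30 notkillswitch-placeholder.example. A
garbage line
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)$")


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def hosts_querying_kill_switch(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: {"count": n, "first_seen": datetime}} for exact lookups."""
    target = normalize(domain)
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, qname, _qtype = m.groups()
        if normalize(qname) != target:
            continue  # exact match only: lookalike names are not the kill switch
        seen = datetime.fromisoformat(ts)
        entry = hits.setdefault(client, {"count": 0, "first_seen": seen})
        entry["count"] += 1
        entry["first_seen"] = min(entry["first_seen"], seen)
    return hits


if __name__ == "__main__":
    for ip, info in sorted(hosts_querying_kill_switch(SAMPLE_LOG).items()):
        print(f"{ip}: {info['count']} lookup(s), first seen {info['first_seen']}"
              " -> isolate, patch, check for encrypted files")
```

A host that appears here may already have encrypted files, since the kill switch only stops the malware from spreading further.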
He warned people to patch their systems, adding: “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable Windows Update, update and then reboot.”
He is now working with the government’s National Cyber Security Centre to prevent a new strain of the malicious software.
About Marcus Hutchins
He is believed to have stopped the attack from a small bedroom in his parents’ house.
He said he got his first job out of school without any real qualifications, having skipped university to start up a tech blog and write software.
Mr Hutchins – who is known only as Malware Tech – His mother and father work in the medical industry and he also has a younger brother. But the dark knight of the dark web still lives at home with his parents, which he joked was “so stereotypical”. His mum, he said, was aware of what had happened and was excited, but his dad hadn’t been home yet. “I’m sure my mother will inform him,” he said.
His social media accounts are peppered with tweets about his love of surfing and views of the waves along the coast. In one tweet, he wrote: “I could move to a city but where in a city would I get this view?”
Around a year ago, he joined a “private intel threat firm” based in Los Angeles.
Final thoughts
The kill switch won’t help anyone whose computer is already infected with the ransomware, and it’s possible that there are other variants of the malware with different kill switches that will continue to spread. Strong warnings are still coming through that people need to patch their systems, since this is not yet over. The attackers will realise how the virus was stopped, change the code and start again. Hence the need to enable Windows Update, update and then reboot.