Home Created by potrace 1.16, written by Peter Selinger 2001-2019Tech and auto  Created by potrace 1.16, written by Peter Selinger 2001-2019Tech news  Created by potrace 1.16, written by Peter Selinger 2001-2019The 22-Year-Old Who ‘Stopped’ Spread of WannaCry Says He’s No Hero

The 22-Year-Old Who ‘Stopped’ Spread of WannaCry Says He’s No Hero

MalwareTech found a “kill switch” that stopped the spread of the virus to more computers.

The Quint
Tech News
Updated:
The cyber attacks were seemingly aimed at stealing information from the companies, using ‘ransomware’. Representational Image. (Photo: iStock)
i
The cyber attacks were seemingly aimed at stealing information from the companies, using ‘ransomware’. Representational Image. (Photo: iStock)
null

advertisement

MalwareTech, a 22-year-old tweeting under a pseudonym, has managed to accidentally stop the spread of the global security attack ransomware, as BBC reported.

After investigating all night, he found a “kill switch” in the virus’ code which helped him bring a halt to further spreading of the virus.

It was actually partly accidental... I have not slept a wink.

Though it can’t repair the damage already done, he has helped stop the spread to new systems and is being hailed the “accidental hero”.

In his first face-to-face interview, Marcus Hutchins, who works for Los Angeles-based Kryptos Logic, said on Monday that hundreds of computer experts worked throughout the weekend to fight the virus, which paralyzed computers in some 150 countries.

The 22-year-old was on a week’s vacation when the attack happened and has been overwhelmed with his new-found fame.

The attention has been slightly overwhelming. The boss gave me another week off to make up for this train-wreck of a vacation. I’m definitely not a hero... I’m just someone doing my bit to stop botnets.
Marcus Hutchins

The computer whiz from the south coast of England discovered a so-called "kill switch" that slowed the unprecedented outbreak on Friday. He then spent the next three days fighting the worm that crippled Britain's hospital network as well as computer systems around the world.

He first noticed that the same web address was being contacted each time a new computer was infected. But the address being contacted had not been registered.

MalwareTech bought the address for $10.69 and registered it, as owning it would let him know where the computers were accessing it from and how widespread the virus was. This, unexpectedly, triggered a part of the ransomware’s code which stopped its further spread.

This “kill switch” was made by the attackers to halt the spread of software if things got out of hand.

Now you probably can’t picture a grown man jumping around with the excitement of having just been ‘ransomwared’, but this was me.
MalwareTech <a href="https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html">Blogpost</a>

He now thinks that the code’s original design was to thwart researchers from trying to investigate the virus, but it ended up backfiring and disabling itself.

ADVERTISEMENT
ADVERTISEMENT

Salim Neino, CEO of Kryptos Logic, said Hutchins took over the "kill switch" on Friday afternoon European time, before it could fully affect the United States.

Marcus, with the program he runs at Kryptos Logic, not only saved the United States but also prevented further damage to the rest of the world. Within a few moments, we were able to validate that there was indeed a kill switch. It was a very exciting moment. This is something that Marcus validated himself.

He said the company was not able to identify "Patient Zero," the first system infected, which would give researchers more information about who was behind the attack. Nevertheless, he said the worm was "poorly designed" – patched together and a "sum of different parts" with an unsophisticated payment system.

Kryptos Logic is one of hundreds of companies working to combat online threats for companies, government agencies and individuals around the world.

While the registration has managed to stop the spread from one device to another, computers already infected are not getting repaired.

Security experts warn that new variants of the virus without the “kill switch” will appear soon enough.

This variant shouldn’t be spreading any further, however, there’ll almost certainly be copycats.
<a href="https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware/">Troy Hunt</a>, Security Researcher

MalwareTech has also ominously warned:

We have stopped this one, but there will be another one coming and it will not be stoppable by us. There’s a lot of money in this, there is no reason for them to stop. It’s not much effort for them to change the code and start over.

Also Read:
Ransomware Scare: CERT-In Issues Alert, Advisory on WannaCry
World Braces for More Ransomware Attacks As Work Week Begins
WannaCry Ransomware FAQ: The Bug That Hit PCs Across the Globe

(With inputs from AP)

Published: 15 May 2017,12:52 PM IST

ADVERTISEMENT
SCROLL FOR NEXT