A UK security researcher explained the BBC how he “accidentally” halted the spread of the malicious ransomware that has affected hundreds of organisations, including the UK’s NHS.
The 22-year-old man, known by the pseudonym MalwareTech, had taken a week off work, but decided to investigate the ransomware after hearing about the global cyber-attack.
He managed to bring the spread to a halt when he found what appeared to be a “kill switch” in the rogue software’s code.
“It was actually partly accidental,” he told the BBC, after spending the night investigating.
Although his discovery did not repair the damage done by the ransomware, it did stop it spreading to new computers, and he has been hailed an “accidental hero”.
“The attention has been slightly overwhelming. The boss gave me another week off to make up for this train-wreck of a vacation.”
What exactly did he discover?
The researcher first noticed that the malware was trying to contact a specific web address every time it infected a new computer. But the web address it was trying to contact – a long jumble of letters – had not been registered.
MalwareTech decided to register it, and bought it for $10.69 (£8). Owning it would let him see where computers were accessing it from, and give him an idea of how widespread the ransomware was.
By doing so, he unexpectedly triggered part of the ransomware’s code that told it to stop spreading.