A UK security researcher explained the BBC how he “accidentally” halted the spread of the malicious ransomware that has affected hundreds of organisations, including the UK’s NHS.

The 22-year-old man, known by the pseudonym MalwareTech, had taken a week off work, but decided to investigate the ransomware after hearing about the global cyber-attack.

He managed to bring the spread to a halt when he found what appeared to be a “kill switch” in the rogue software’s code.

“It was actually partly accidental,” he told the BBC, after spending the night investigating.

Although his discovery did not repair the damage done by the ransomware, it did stop it spreading to new computers, and he has been hailed an “accidental hero”.

“The attention has been slightly overwhelming. The boss gave me another week off to make up for this train-wreck of a vacation.”

Owning the web address let MalwareTech monitor where infections were happening.

What exactly did he discover?

The researcher first noticed that the malware was trying to contact a specific web address every time it infected a new computer. But the web address it was trying to contact – a long jumble of letters – had not been registered.

RELATED: Massive ransomware cyber-attack hits 74 countries

MalwareTech decided to register it, and bought it for $10.69 (£8). Owning it would let him see where computers were accessing it from, and give him an idea of how widespread the ransomware was.

By doing so, he unexpectedly triggered part of the ransomware’s code that told it to stop spreading.

Source: BBC

Read entire post grey  Related Training grey

3 Comments »

Leave a Reply