MalwareTech, a 22-year-old tweeting under a pseudonym, has accidentally stopped the spread of the ransomware behind the global cyberattack, as the BBC reported.
After investigating all night, he found a “kill switch” in the virus’ code, which helped him halt its further spread.
It was actually partly accidental... I have not slept a wink.
Though it can’t repair the damage already done, he has helped stop the spread to new systems and is being hailed the “accidental hero”.
In his first face-to-face interview, Marcus Hutchins, who works for Los Angeles-based Kryptos Logic, said on Monday that hundreds of computer experts worked throughout the weekend to fight the virus, which paralyzed computers in some 150 countries.
The 22-year-old was on a week’s vacation when the attack happened and has been overwhelmed with his new-found fame.
The attention has been slightly overwhelming. The boss gave me another week off to make up for this train-wreck of a vacation. I’m definitely not a hero... I’m just someone doing my bit to stop botnets. - Marcus Hutchins
The computer whiz from the south coast of England discovered a so-called "kill switch" that slowed the unprecedented outbreak on Friday. He then spent the next three days fighting the worm that crippled Britain's hospital network as well as computer systems around the world.
He first noticed that the same web address was being contacted each time a new computer was infected. But the address being contacted had not been registered.
MalwareTech bought the address for $10.69 and registered it, as owning it would let him know where the computers were accessing it from and how widespread the virus was. This, unexpectedly, triggered a part of the ransomware’s code which stopped its further spread.
This “kill switch” was made by the attackers to halt the spread of software if things got out of hand.
Now you probably can’t picture a grown man jumping around with the excitement of having just been ‘ransomwared’, but this was me. - MalwareTech Blogpost
He now thinks that the code’s original design was to thwart researchers from trying to investigate the virus, but it ended up backfiring and disabling itself.
Salim Neino, CEO of Kryptos Logic, said Hutchins took over the "kill switch" on Friday afternoon European time, before it could fully affect the United States.
Marcus, with the program he runs at Kryptos Logic, not only saved the United States but also prevented further damage to the rest of the world. Within a few moments, we were able to validate that there was indeed a kill switch. It was a very exciting moment. This is something that Marcus validated himself.
He said the company was not able to identify "Patient Zero," the first system infected, which would give researchers more information about who was behind the attack. Nevertheless, he said the worm was "poorly designed" – patched together and a "sum of different parts" with an unsophisticated payment system.
Kryptos Logic is one of hundreds of companies working to combat online threats for companies, government agencies and individuals around the world.
While the registration has managed to stop the spread from one device to another, computers already infected are not getting repaired.
Security experts warn that new variants of the virus without the “kill switch” will appear soon enough.
This variant shouldn’t be spreading any further, however, there’ll almost certainly be copycats. - Troy Hunt, Security Researcher
MalwareTech has also ominously warned:
We have stopped this one, but there will be another one coming and it will not be stoppable by us. There’s a lot of money in this, there is no reason for them to stop. It’s not much effort for them to change the code and start over.
(With inputs from AP)