Cape Breton Post

‘I sort of did what I could’

Alert researcher, teamwork helped stem huge cyberattack

- BY SARA BURNETT AND SYLVIA HUI THE ASSOCIATED PRESS

The cyberattack that spread malicious software around the world, shutting down networks at hospitals, banks and government agencies, was thwarted by a young British researcher and an inexpensive domain registration, with help from another 20-something security engineer in the U.S.

Britain’s National Cyber Security Center and others were hailing the cybersecurity researcher, a 22-year-old identified online only as MalwareTech, who — unintentionally at first — discovered a so-called “kill switch” that halted the unprecedented outbreak.

By then the “ransomware” attack had crippled Britain’s hospital network and computer systems in several countries in an effort to extort money from computer users. But the researcher’s actions may have saved companies and governments millions of dollars and slowed the outbreak before computers in the U.S. were more widely affected.

MalwareTech, who works for cybersecurity firm Kryptos Logic, is part of a large global cybersecurity community who are constantly watching for attacks and working together to stop or prevent them, often sharing information via Twitter. It’s not uncommon for them to use aliases, either to protect themselves from retaliatory attacks or for privacy.

In a blog post Saturday, MalwareTech explained he learned on Friday that networks across Britain’s health system had been hit by ransomware, tipping him off that “this was something big.”

He began analyzing a sample of the malicious software and noticed its code included a hidden web address that wasn’t registered. He said he “promptly” registered the domain, something he regularly does to try to discover ways to track or stop malicious software.

Across an ocean, Darien Huss, a 28-year-old research engineer for the cybersecurity firm Proofpoint, was doing his own analysis. The western Michigan resident said he noticed the authors of the malware had left in a feature known as a kill switch. Huss took a screen shot of his discovery and shared it on Twitter.

Soon he and MalwareTech were communicating about what they’d found: that registering the domain name and redirecting the attacks to the server of Kryptos Logic had activated the kill switch, halting the ransomware’s infections.

Huss and others were calling MalwareTech a hero on Saturday, with Huss adding that the global cybersecurity community was working “as a team” to stop the infections from spreading.

“The ‘hero’ is a bit strong,” MalwareTech said Sunday. “I sort of did what I could.”

Both said they were concerned the authors of the malware could re-release it without a kill switch or with a better one, or that copycats could mimic the attack.

“I think it is concerning that we could definitely see a similar attack occur, maybe in the next 24 to 48 hours or maybe in the next week or two,” Huss said. “It could be very possible.”

Who perpetrated this wave of attacks remains unknown. This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the U.S., Russia, Ukraine, Brazil, Spain and India.

Europol, Europe’s policing agency, called the attack unprecedented and said computers in more than 150 countries have been affected. Two security firms — Kaspersky Lab and Avast — said Russia was hit hardest.

AP PHOTO The main entrance of St Bartholomew’s Hospital in London, one of the hospitals whose computer systems were affected by a cyberattack Friday. The attack crippled computer systems at hospitals across England, with appointments cancelled, phone lines down...
