An alert researcher, cooperation helped stem cyberattack
LONDON — The cyberattack that spread malicious software around the world, shutting down networks at hospitals, banks and government agencies, was stemmed by a young British researcher and an inexpensive domain registration, with help from another 20-something security engineer in the U.S.
Britain’s National Cyber Security Center and others were hailing the cybersecurity researcher, a 22-year-old identified online only as MalwareTech, who — unintentionally at first — discovered a “kill switch” that halted the unprecedented outbreak.
By then, the “ransomware” attack had hobbled Britain’s hospital network and computer systems in several countries, in an effort to extort money from computer users. But the researcher’s actions may have saved companies and governments millions of dollars and slowed the outbreak before computers in the U.S. were more widely affected.
MalwareTech said in a in a blog post Saturday that he had returned from lunch with a friend on Friday and learned that networks across Britain’s health system had been hit by ransomware, tipping him off that “this was something big.”
He began analyzing a sample of the malicious software and noticed its code included a hidden web address that wasn’t registered. He said he “promptly” registered the domain, something he regularly does to try to discover ways to track or stop malicious software.