How An Accidental Hero Stopped A Massive Cyber Attack

Cyber attacks have become a fact of daily life.  We all want to keep our data safe, but just how do we do that?  While there are practices that can help boost protection of our technological cache – like always updating our software – there’s no guarantee we won’t be a target at some point in our lives.

And sometimes, the solution to an attack is as out-of-the-blue as the attack.

Last Friday’s massive “WannaCry” cyber attack is proof that no one is immune.  Ransomware, software designed to block access to a computer system until a sum of money is paid, hit organizations across the UK, including Telefónica, FedEx, and the National Health Service (NHS).  At the NHS, the cyber attack wreaked havoc – operations were canceled; patient records, X-rays, and test results became unavailable; and phones did not work.

Enter the “accidental hero” who saved the day.  A 22-year-old British security researcher stopped the attack Friday night.  The result was a quick halt to a potential global spread of an unprecedented ransomware attack.  But, the researcher, who wishes to remain anonymous and is known only by the pseudonym “MalwareTech,” has warned the attack could be rebooted.

How did he do it?  By registering a garbled domain name hidden in the malware.  Specifically, MalwareTech noticed that the ransomware was routinely pinging an unclaimed web domain.  So he claimed that domain, hoping to get a better glimpse into the ransomware’s activity and find a fix.  But the malware only worked so long as the domain was unclaimed.  So by claiming the domain, MalwareTech unknowingly killed the entire attack.
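From the defender’s side, the behaviour described above (many machines repeatedly looking up one garbled, unclaimed domain) shows up in DNS resolver logs. The Python below is an added example, not code from MalwareTech or from the malware; the log format, the placeholder domain and the thresholds are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<time> <client_ip> <qname> <rcode>".
# The garbled name is a made-up placeholder, not the domain from the attack.
SAMPLE_LOG = """\
09:00:01 10.0.0.11 qx7rk2vbnl9dzt4hw8mjcp3sfy6ga1eu.example NXDOMAIN
09:00:02 10.0.0.12 www.intranet.example NOERROR
09:00:03 10.0.0.12 qx7rk2vbnl9dzt4hw8mjcp3sfy6ga1eu.example NXDOMAIN
09:00:04 10.0.0.11 wwww.example NXDOMAIN
09:00:05 10.0.0.13 qx7rk2vbnl9dzt4hw8mjcp3sfy6ga1eu.example NXDOMAIN
09:00:06 10.0.0.12 wwww.example NXDOMAIN
09:00:07 10.0.0.13 wwww.example NXDOMAIN
09:00:08 10.0.0.11 qx7rk2vbnl9dzt4hw8mjcp3sfy6ga1eu.example NXDOMAIN
""".splitlines()

def shannon_entropy(text):
    """Bits per character; random-looking strings score high."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def find_garbled_nxdomains(lines, min_hosts=3, min_len=20, min_entropy=3.5):
    """Return [(qname, distinct_client_count)] for unregistered, random-looking
    names that several internal hosts look up. Thresholds are assumed defaults."""
    clients = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, qname, rcode = parts
        if rcode == "NXDOMAIN":  # the name does not exist, i.e. nobody has claimed it
            clients[qname.lower().rstrip(".")].add(client)
    hits = []
    for qname, hosts in clients.items():
        label = max(qname.split("."), key=len)  # judge the longest label
        if (len(hosts) >= min_hosts and len(label) >= min_len
                and shannon_entropy(label) >= min_entropy):
            hits.append((qname, len(hosts)))
    return sorted(hits, key=lambda hit: -hit[1])

if __name__ == "__main__":
    for name, host_count in find_garbled_nxdomains(SAMPLE_LOG):
        print(f"{host_count} hosts queried unregistered name {name}")
```

The mistyped `wwww.example` is also unregistered and queried by three hosts, but it is short and not random-looking, so only the garbled name is reported.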

While this was a quick win for the good guys, there’s nothing to indicate the hackers, who have yet to be identified, won’t pick up an unclaimed domain and try again.  For now, though, things are back on track.  According to the AP, while the cyber attack hit almost 20 percent of the UK’s 248 public health trusts, all but six are now back to normal.

Back to that basic rule of updating your software – the cyber attack was possible because of a flaw in an old version of Microsoft Windows.  Since the attack, the company has released a software update.  If you haven’t installed an update on your computer lately, now’s a good time to do it.
