A young British cyber security researcher "accidentally" managed to stop the spread of a ransomware attack that hit England's National Health Services (NHS) and organizations across the globe.
The 22-year-old cyber security researcher, who uses the Twitter name MalwareTech and was working alongside Darien Huss from security firm Proofpoint, found a "kill switch" built into the software on Friday, stopping the flow of attacks.
The researcher registered the domain being used by the ransomware and, by doing so, activated the switch. His actions proved crucial: although his solution came too late to help the UK and European organizations already badly hit by the attack, it gave precious time for those here in the U.S. to set up defenses against the malware. So important were the researcher's contributions that Proofpoint's Ryan Kalember told the British media: "They get the accidental hero award of the day."
Even MalwareTech himself appeared to be surprised by how things turned out. He later tweeted: "I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental. So I can only add 'accidentally stopped an international cyber attack' to my Resume." MalwareTech also warned: "So long as the domain isn't revoked, this particular strain will no longer cause harm, but patch your system ASAP as they will try again."
The health service in London faces the prospect of a chaotic weekend after the unprecedented attack forced hospitals to cancel and delay treatment for patients. Using hacking tools widely believed to have been developed by the U.S. National Security Agency, the ransomware infected tens of thousands of computers in almost 100 countries.
The British government and NHS bosses are facing serious questions about why they did not take preventive measures months ago to secure their systems. The trouble and disruption caused by the attacks have been massive. At least 30 health services in England and Scotland were infiltrated by the malicious software, while many others shut down servers as a precautionary measure, resulting in further disruption. Doctors reported seeing computers go down one after the other as the "ransomware" took hold on Friday, locking machines and demanding money to release the captured data.
Experts, meanwhile, say the virus, called Wanna Decryptor, exploits a vulnerability in Microsoft Windows software first identified by American spies at the National Security Agency (NSA). The tools were leaked on the web earlier this year after hackers dumped a cache of NSA files following a breach in security. Before the dump, Microsoft released a fix, or patch, for the issue, although computers that did not install the update, or could not do so due to the age of their software, would have remained exposed to attack.
The U.S. Department of Homeland Security said on Friday that the patch released by Microsoft on March 16 "addresses this specific vulnerability, and installing this patch will help secure your systems from the threat."