“It is not a job to him, more a passion that he happens to get paid for.”

Kurtis Baron —  Founder of Fidus Information Security

On Friday (May 12 2017), a major cyberattack hit well over 100 nations at hospitals, telecommunications firms and other companies. The virus infected more than 200,000 computers, encryted files and then demanded bitcoins to unblock them.

The attack exploited a vulnerability  identified for use by the U.S. National Security Agency and later leaked to the internet.

Marcus Hutchins

Marcus Hutchins — 22-year-old — is a self-taught computer sciencist. His bedroom — in his parents’ house– is not too different from any other young man’s bedroom of  his age:  takeaway pizza boxes, video games and computers. Lots of them…

RELATED POST: Cyberattack cripples institutions around the world

RELATED POST: NCSC — Statement on international ransomware cyber attack

But Marcus Hutchins is now working with the UK government’s National Cyber Security Centre to prevent a new strain of the malicious software. Why? This guy stopped the WannaCry attack from his small bedroom.

How to Accidentally Stop a Global Cyber Attacks

In a blog, Marcus described how he stopped the spread of the virus by purchasing a web domain for £8 and by redirecting it elsewhere.

When he realised he had unintentionally taken down the virus., Marcus shouted “EUREKA”.

Here is the amazing story of the man who — almost — singlehandedly stopped the virus.

I woke up at around 10 AM. There were a few of your usual posts about various organisations being hit with ransomware, but nothing significant…yet.

I ended up going out to lunch with a friend, meanwhile the WannaCrypt ransomware campaign had entered full swing.

When I returned home at about 2:30, the threat sharing platform was flooded with posts about various NHS systems all across the country being hit

I was quickly able to get a sample of the malware. Upon running the sample in my analysis environment I instantly noticed it queried an unregistered domain, which i promptly registered.

ProofPoint researcher Darien Huss [realized] that our registration of the domain had actually stopped the ransomware and prevent the spread.

So why did our sinkhole cause an international ransomware epidemic to stop?

The reason which was suggested is that the domain is a “kill switch” in case something goes wrong, but I now believe it to be a badly thought out anti-analysis.

I believe they were trying to query an intentionally unregistered domain which would appear registered in certain sandbox environments, then once they see the domain responding, they know they’re in a sandbox the malware exits to prevent further analysis.

(Read the full story here)

RELATED POST: Former NSA Mike Flynn advised Israeli cyberweapons dealers

RELATED POST: Acts of War in Cyberspace

RELATED POST: Inside the Intrigue of ‘Russia’s Cyberattacks’

RELATED POST: CYBER AWARENESS CHALLENGE: Take the US DoD TEST!

RELATED POST: International Law and Cyber Warfare. From the Tallinn Manual to a Digital Geneva Convention?

‘I’m no hero’, says IT expert Marcus Hutchins

REFERENCES

IT expert who saved the world from ransomware virus is working with GCHQ to prevent repeat — Telegraph

=

Marcus Hutchins — The man who stopped the WannaCry ransomware