Ransomware: It cost a 22-year-old blogger just $10 to temporarily halt the spread of WannaCry

Twenty-two-year-old Marcus Hutchins has emerged as an “accidental hero” in the wake of the WannaCry ransomware attacks that have swept the world. Hutchins is a hero because he inadvertently killed WannaCry for a brief period.

WannaCry is the popular name for a piece of malicious code that rapidly infects outdated versions of the Microsoft Windows operating system using a leaked NSA (National Security Agency) exploit. The program then proceeds to encrypt data on infected machines and demands a ransom to decrypt the files.

At last count, the malware has infected over 300,000 computers worldwide, with reports suggesting that Russia, Ukraine and India are the most heavily infected.

In a blog post titled “How to accidentally stop a global cyber-attack”, Hutchins explains how he did what he did.

When it started spreading on Friday morning, WannaCry was a mere blip on the radar, an inconsequential little blip that didn’t merit a second glance. By 2.30 pm on the same day, however, Hutchins noted a sudden surge in infections at the UK’s NHS (National Health Service).

Hutchins reacted swiftly and managed to get a sample of the malware. On analysing it in a secure environment, he discovered that the malware was trying to query an unregistered domain (a link to a website). He promptly registered the domain — for around $10 — and without realising it, killed WannaCry for a while.

Hutchins had just stumbled upon WannaCry’s kill switch and he didn’t know it.

When WannaCry infects a computer, it starts querying a randomly generated domain. This domain is likely to be so random that it’s unregistered. If WannaCry can’t connect to the domain, it will simply continue to infect affected PCs. If WannaCry does connect to the domain, it ceases to function.
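The check described above leaves a trace defenders can use: any machine that looked up the kill-switch domain probably ran the malware, and machines whose lookup failed are the ones where it kept going. The following is an added example, not code from Hutchins or from the original article; the domain is a placeholder (the article does not name it) and the log format and sample lines are constructed for illustration.

```python
from collections import defaultdict

# Placeholder: the article does not give the real domain name.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log lines in an assumed format:
# timestamp client_ip qname qtype rcode
SAMPLE_LOG = """\
2017-05-12T14:31:07Z 10.0.4.17 killswitch-placeholder.example A NXDOMAIN
2017-05-12T14:31:09Z 10.0.4.22 intranet.corp.example A NOERROR
2017-05-12T16:02:44Z 10.0.7.5 KILLSWITCH-PLACEHOLDER.EXAMPLE. A NOERROR
2017-05-12T16:05:10Z 10.0.4.17 killswitch-placeholder.example A NXDOMAIN
2017-05-12T16:09:31Z 10.0.9.80 killswitch-placeholder.example A SERVFAIL
malformed entry
"""

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the domain to a triage verdict."""
    domain = domain.lower().rstrip(".")
    rcodes = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, _qtype, rcode = parts
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.lower().rstrip(".") == domain:
            rcodes[client].append(rcode.upper())
    verdicts = {}
    for client, seen in rcodes.items():
        # Any lookup at all suggests the sample ran on this host.
        # NOERROR is used as a proxy for "the connection could succeed";
        # if no lookup ever resolved, the check failed and, per the
        # article, the malware carried on, so these hosts come first.
        if "NOERROR" in seen:
            verdicts[client] = "ran; kill switch reachable"
        else:
            verdicts[client] = "ran; kill switch NOT reachable - isolate first"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(host, "->", verdict)
```

A resolved lookup only shows that the domain could be found; a host behind a proxy or firewall may still have failed to connect, so treat the "reachable" verdict as lower priority rather than as clean.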

It must be noted that Hutchins’ actions are not unusual. Any cyber-security firm or researcher would have eventually done the same. As he himself explains, this is standard operating procedure when dealing with malware. In his blog he says, “In fact, I registered several thousand such domains in the past year.”

It took Hutchins a while to realise what he’d done. In fact, when the code was first analysed, Hutchins was under the impression that he had triggered the ransomware. Another researcher later confirmed that Hutchins had inadvertently killed WannaCry, temporarily anyway.

The news was obviously very welcome. “Now you probably can’t picture a grown man jumping around with the excitement of having just been ransomwared, but this was me,” said Hutchins.

And that’s Hutchins’ story. It is very likely that Hutchins’ actions dramatically slowed down the spread of WannaCry when it was at its most virulent.

WannaCry, like most malware today, mutates from time to time and it has already done so, which is part of the reason why it continues to spread.

While Hutchins’ actions may not be exceptional or even hero material, without question, he accidentally gave governments and businesses a much-needed breather to bolster their defences.

With that in mind, the title of “accidental hero” does him justice.

Marcus Hutchins works for Los Angeles-based Kryptos Logic, a cyber-security company.


Published Date: May 17, 2017 02:48 pm | Updated Date: May 17, 2017 02:48 pm