Accidental hero stops global cyber attack


The government has confirmed one Australian business has been hit by ransomware in a cyber attack.

The man believed to be Marcus Hutchins has been credited with stopping the virus spreading to around 100,000 computers after installing a “kill switch”.

THE man who stopped a global cyber attack in its tracks with a simple “kill switch” has been named as a 22-year-old surfer from Devon, UK.

Self-taught cyber expert Marcus Hutchins has been labelled a “hero” for his role in stopping the global cyber virus that hit more than 200,000 companies and organisations in 150 countries around the world since Friday afternoon.

In a post on his blog, Malware Tech, titled “How to Accidentally Stop a Global Cyber Attacks (sic)”, the young man explained what happened that day.

“I woke up at around 10 AM and checked onto the UK cyber threat sharing platform where I had been following the spread of the Emotet banking malware, something which seemed incredibly significant until today,” he said.

“There were a few of your usual posts about various organisations being hit with ransomware, but nothing significant … yet. I ended up going out to lunch with a friend, meanwhile the WannaCrypt ransomware campaign had entered full swing,” he said.

After returning home later in the afternoon he realised “this was something big” and began working with friends online to find out how the virus was spreading. He noticed the malware “queried” an unregistered domain address which he bought for around $15.

He then pointed it to a “sinkhole”, which is a server designed to capture “malicious traffic” and is something Mr Hutchins does as part of his day job, he said.

While he did not realise it yet, this simple act had “unknowingly killed the malware” with suggestions the domain had become a “kill switch” to prevent the virus spreading further.

But Mr Hutchins, who lives at home and works from his bedroom, also warned users it’s not over yet.

“One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible,” he said.

Britain’s NHS has been subject to outages and delays from the virus. Picture: AFP PHOTO / Niklas HALLE'N


He’s since been inundated with media attention and is working with the UK cyber security agency GCHQ to help prevent the spread of the virus as office workers return to their desks on Monday.

Mr Hutchins was also praised by the UK National Cyber Security Centre, which said he’s been working with others to “understand and mitigate the current Wannacry ransomware threat”.

“These industry partners have helped by offering us intelligence from the sinkholed Wannacry domain,” the agency said online.

“This sinkholed domain has prevented further infections occurring and has already resulted in preventing over 100,000 potential infections. However, this action will not remediate infections that have already occurred.”

The virus has hit healthcare systems, shops, schools and companies around the world, disrupting their operations.

The Australian Federal government said five businesses had been affected with reports of others under investigation.

Where it originated is unknown but thousands of bitcoin accounts are under surveillance after hackers demanded payments in the anonymous online currency.

Cyber Security Minister Dan Tehan has urged Australian small businesses to take urgent action to update systems and security. Many of those hit were running outdated software with security flaws.

“This ransomware attack is a wake-up call to all Australian businesses to regularly back up their data and install the latest security patches,” Mr Tehan said.

There are investigations into three Australian organisations that may have been affected by a cyber attack.
