A 22-year-old cybersecurity researcher and a cheap domain registration helped thwart the cyberattack that spread malicious software around the world, shutting down networks at hospitals, banks and government agencies.

Britain’s National Cyber Security Center and others hailed the researcher who discovered a so-called “kill switch” that halted the unprecedented outbreak. The person has only been identified as MalwareTech.

By then the "ransomware" attack had crippled Britain's hospital network and computer systems in several countries in an effort to extort money from computer users. But the researcher's actions may have saved companies and governments millions of dollars and slowed the outbreak before computers in the U.S. were more widely affected.

MalwareTech is part of a global cybersecurity community, working independently or for security companies, who are constantly watching for attacks and working together to stop or prevent them, often sharing information on Twitter.

MalwareTech explained in a blog post Saturday that he learned Britain’s health system was under attack after he had returned from lunch.

He began analyzing a sample of the malicious software and noticed its code included a hidden web address that wasn't registered. He said he "promptly" registered the domain, something he regularly does to try to discover ways to track or stop malicious software.

Across an ocean, Darien Huss, a 28-year-old research engineer for the cybersecurity firm Proofpoint, was doing his own analysis. The western Michigan resident said he noticed the authors of the malware had left in a feature known as a kill switch. Huss took a screenshot of his discovery and shared it on Twitter.

Soon he and MalwareTech were communicating about what they'd found: that registering the domain name and redirecting the attacks to MalwareTech's server had activated the kill switch, halting the ransomware's infections.

Huss and others were calling MalwareTech a hero on Saturday, with Huss adding that the global cybersecurity community was working "as a team" to stop the infections from spreading.

"I think the security industry as a whole should be considered heroes," he said.

But he also said he's concerned the authors of the malware could re-release it without a kill switch or with a better one, or that copycats could mimic the attack.

"I think it is concerning that we could definitely see a similar attack occur, maybe in the next 24 to 48 hours or maybe in the next week or two," Huss said. "It could be very possible."

Who perpetrated this wave of attacks remains unknown. Two security firms — Kaspersky Lab and Avast — said they identified the malicious software in more than 70 countries. Both said Russia was hit hardest.

This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the U.S., Ukraine, Brazil, Spain and India. Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex international investigation to identify the culprits."

FOX NEWS/ AP*
