LONDON (AP) - The cyberattack that spread malicious software around the world, shutting down networks at hospitals, banks and government agencies, was thwarted by a young British researcher and an inexpensive domain registration, with help from another 20-something security engineer in the U.S.
Britainâ€™s National Cyber Security Center and others were hailing the cybersecurity researcher, a 22-year-old identified online only as MalwareTech, who - unintentionally at first - discovered a so-called â€śkill switchâ€ť that halted the unprecedented outbreak.
By then the â€śransomwareâ€ť attack had crippled Britainâ€™s hospital network and computer systems in several countries in an effort to extort money from computer users. But the researcherâ€™s actions may have saved companies and governments millions of dollars and slowed the outbreak before computers in the U.S. were more widely affected.
In a blog post Saturday, MalwareTech explained he returned from lunch with a friend on Friday and learned that networks across Britainâ€™s health system had been hit by ransomware, tipping him off that â€śthis was something big.â€ť
He began analyzing a sample of the malicious software and noticed its code included a hidden web address that wasnâ€™t registered. He said he â€śpromptlyâ€ť registered the domain, something he regularly does to try to discover ways to track or stop malicious software.
Across an ocean, Darien Huss, a 28-year-old research engineer for the cybersecurity firm Proofpoint, was doing his own analysis. The western Michigan resident said he noticed the authors of the malware had left in a feature known as a kill switch. Huss took a screen shot of his discovery and shared it on Twitter.
Soon he and MalwareTech were communicating about what theyâ€™d found: That registering the domain name and redirecting the attacks to MalwareTechâ€™s server had activated the kill switch, halting the ransomwareâ€™s infections.
Huss,said he was â€śstill worried for whatâ€™s to come in the next few days, because it really would not be so difficult for the actors behind this to re-release their code without a kill switch or with a better kill switch.