The Cyber Attack that Made the World WannaCry
A recent international ransomware attack, which has affected over 300,000 computers worldwide, was stopped by a 22-year-old tech blogger working out of his family home in south-west England. Marcus Hutchins, who operates online under the alias MalwareTech, currently works from home for a California web security company after skipping university and teaching himself to write software. After learning that WannaCry, the malware that uses stolen NSA tools to exploit a vulnerability in Windows operating systems, was targeting individuals and major organizations such as Britain’s National Health Service (NHS), Hutchins investigated and found that part of the malware was connecting to an unregistered domain. Unaware that the domain acted as the kill-switch for the cyber-attack, Hutchins registered it for only $10.69, stopping operating systems worldwide from falling prey to this malware.
Hackers are already trying to shut down the domain Hutchins registered by using a distributed denial of service (DDoS) attack, which bombards the site with so much traffic that it can no longer connect with WannaCry and force it to shut down. Expecting these attempts, Hutchins has already taken precautions to protect the domain by switching to a cached version of the site so that it can handle the higher traffic. While the kill-switch remains in use, it helps protect computer systems that remain unprotected against this version of WannaCry, which has mostly infected Windows 7, the most popular version of Microsoft’s OS.
However, both Hutchins and experts are advising users to patch their systems and update their antivirus software. New patches from Microsoft and updates from antivirus vendors address new vulnerabilities as they are discovered. Businesses can also add a further layer of security by purchasing cyber security risk assessment products, such as Pro-Assess, to find vulnerabilities and address them before they’re exploited. Hutchins expects that the hackers will develop a new version of the malware to bypass the kill-switch and attack operating systems that are left vulnerable. “This is not over,” he tells The Guardian, “the attackers will realize how we stopped it, they’ll change the code and then they’ll start again.”