Ransomware attack accidentally slowed down by 22-year-old UK security expert

This weekend’s large-scale ransomware attack was significantly thwarted, completely by accident, by a UK-based 22-year-old security expert, it has been revealed.

On Friday, a large-scale malware attack spanning 150 countries was launched, severely crippling a number of services, including areas of the UK’s NHS. The malware is known as ransomware, a type of malware that encrypts files and demands a ransom to decrypt them.

As the ransomware spread from computer to computer, cyber security experts from across the world rushed to try to stop it and begin damage control. But it was a 22-year-old from the South West of the UK who managed to significantly slow down the spread of the ransomware, and he did it completely by accident.

Known by the online handle MalwareTech, this British security expert – like many of his counterparts from all over the planet – was examining the code behind the malware. MalwareTech noticed that the malware – upon spreading to a new machine – was making a “request” to an obscure website address that didn’t actually exist.






If every single instance of the malware made the same request to the same obscure, non-existent website, then it could be possible to track the spread of the ransomware as it travelled across the Internet. As such, MalwareTech opted to register the website address that was being requested by the ransomware, turning the non-existent web address into a very real one.

As it turns out, registering the address acted as a type of “kill switch” that stopped the ransomware from spreading. It appears this “kill switch” was deliberately built into the ransomware by the person behind it, so that they had the ability to stop their ransomware from spreading.

The kill switch worked like this:
The ransomware would request a website address. If that request returned a DNS error – meaning the web domain didn’t exist – then the ransomware would continue. However, if the ransomware detected a live domain, it would stop spreading.

When MalwareTech – who reportedly works for a digital threat assessment company – registered the website domain with the intention of monitoring the spread of the malware, he inadvertently instructed it to stop spreading.
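As an added illustration (not code from MalwareTech or from the original article), the Python below applies the two ideas described above, tracking infections through lookups of the kill-switch domain and the DNS-error-versus-live-domain logic, to a DNS resolver log. The domain is a placeholder because the article does not name it; the log format, timestamps and addresses are constructed for the example, and NOERROR is assumed to mean the name resolved.

```python
# Placeholder: the article does not name the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample log, one query per line:
# "<UTC timestamp> <client IP> <queried name> <DNS response code>"
SAMPLE_LOG = """\
2024-01-05T09:14:02Z 10.0.4.17 killswitch-placeholder.example NXDOMAIN
2024-01-05T09:14:05Z 10.0.4.22 www.example.org NOERROR
2024-01-05T09:20:41Z 10.0.4.31 KillSwitch-Placeholder.example. NXDOMAIN
2024-01-05T15:03:10Z 10.0.4.17 killswitch-placeholder.example NOERROR
2024-01-05T15:07:55Z 10.0.4.48 killswitch-placeholder.example NOERROR
malformed line
"""


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Group clients that looked up the kill-switch domain by latest answer.

    Every client listed has run the malware. 'continued' means its most
    recent lookup failed (the malware carried on); 'halted' means the
    lookup resolved (the kill switch stopped it from spreading).
    """
    latest = {}  # client IP -> (timestamp, response code)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or truncated lines
        ts, client, qname, rcode = parts
        if normalize(qname) != normalize(domain):
            continue
        # Same-format UTC timestamps compare correctly as plain strings.
        if client not in latest or ts >= latest[client][0]:
            latest[client] = (ts, rcode.upper())

    report = {"continued": [], "halted": []}
    for client, (_, rcode) in sorted(latest.items()):
        report["halted" if rcode == "NOERROR" else "continued"].append(client)
    return report


if __name__ == "__main__":
    for status, clients in triage(SAMPLE_LOG).items():
        print(status, clients)
```

Hosts in either group have executed the ransomware and need cleaning; the "continued" group is the priority because the kill switch never triggered for them.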

However, the security expert warned that the creators of the ransomware were likely to rewrite their software in order to orchestrate new attacks.

So if you haven’t done so already, make sure your version of Windows is all patched up.
