Massive ransomware attack halted for the price of a couple of lattes
A security researcher who still lives at home stopped a billion-dollar hack attack from spreading, says a report. The tab? $10.69.
Ten bucks.
That's how much it reportedly cost a young cybersecurity researcher, who still lives with his folks, to stop the spread of a billion-dollar, worldwide hacking assault.
The ransomware attack, which grabbed headlines Friday, exploited a flaw in older versions of Windows to seize and encrypt computer files, making them unusable. Then it demanded money to decrypt the files and hand them back. One of the largest ever of its kind, the assault has frozen computers at hospitals, phone companies and government agencies around the globe.
The New York Times reported that the hackers/kidnappers might make more than a billion dollars once all the ransoms are paid. But on Friday night the attack's spread was halted, at least temporarily, when a 22-year-old computer researcher in the UK noticed the headlines and decided to see what was up.
"I was out having lunch with a friend and got back about 3 p.m. and saw an influx of news articles" about the attack, the researcher, who wishes to remain anonymous, told The Guardian. "I had a bit of a look into that and then I found a sample of the malware behind it."
In that chunk of code, The Guardian reported, he spied an odd-looking domain name (an address like "whitehouse.gov" or "cnet.com" that comes up in your browser bar when you go to a website). He also noticed that the domain hadn't been purchased and registered by anyone, so he ponied up the whopping $10.69 (roughly £8 and AU$15) and bought it, thus making it active.
Screech. Attack stops spreading.
It turns out the nonsensical domain name had been placed in the code as a kind of "kill switch," so the coders could halt a cyberattack simply by registering the domain and sending it live. The malware pings the domain name -- like your computer pings "cnet.com" when you want to visit the site -- and if the domain is live, the attack stops its spread.
The researcher didn't know this ahead of time though. He simply got lucky.
The reason he bought the domain "was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain," he told The Guardian.
The bad news, however, is that hackers could simply rewrite the code and use it for more attacks. The fix also doesn't help systems that are already infected. People should be sure to update Windows systems with the relevant security patches.
Still, we'd guess it wasn't a bad afternoon for this unnamed researcher.
He probably paid less to save the world, at least briefly, than he did for lunch.