On Friday 12th May, malware that came to be known as WannaCry gripped computers across the world, encrypting their data. The only way to get the data back was to pay the ransom the hackers were demanding in Bitcoin, which amounted to around $300.
When Marcus Hutchins, also known as @MalwareTech, returned from lunch, he found that many National Health Service employees' computers were infected by this malware. That's when he realized it was something serious. The malware had already infected 74 countries and was rapidly infecting many more when he noticed that the ransomware kept searching for a URL after infecting a system. As long as the domain wasn't registered, the malware would continue on its journey.
Intending to better understand the malware and monitor how it was spreading, Marcus bought the domain for $10.69. The 'Kill Switch' was hardcoded into the malware in case the creators wanted to quickly deactivate the infection. While initial reports showed that registering the domain had caused the infection, it was actually the other way round: registering the domain brought the infection to a standstill. His job is to look for ways to track and potentially stop botnets and other kinds of malware, Hutchins explained in his blog post.
But he warns that this is far from over, as the attackers can work out how their malware was stopped, change the code and start again. Unfortunately, many reports suggest that other samples of WannaCry have emerged, some with different kill switch domains and some without the kill switch function.
Experts claim that the hackers seem to have raised $20,000 so far and that the malware has effectively infected 150 countries, including India. The best way to protect a computer against this malware, experts say, is to keep its patches up to date, have a backup of your data, and be wary of malicious content.