Anonymous expert an ‘accidental hero’ for halting malware spread

Cyber specialist stopped ransomware from hitting hundreds of thousands of computers

An anonymous IT expert became an international sensation after he prevented hundreds of thousands of computers from being infected by the ransomware that wreaked havoc across the British NHS. File photograph: Kacper Pempel/Reuters
An anonymous IT expert became an international sensation after he prevented hundreds of thousands of computers from being infected by the ransomware that wreaked havoc across the British NHS. File photograph: Kacper Pempel/Reuters

A British cyber specialist has been hailed an “accidental hero” after he stopped the spread of a global virus that brought chaos to networks around the world.

The anonymous IT expert became an international sensation after he prevented hundreds of thousands of computers from being infected by the ransomware that wreaked havoc across the NHS.

A number of hospitals in England and Scotland were forced to cancel procedures after dozens of health care systems were brought down.

Thousands of companies in dozens of countries, including Nissan in the UK, were also affected by the attack on Friday by the Wanna Decryptor, also known as WannaCry.

READ MORE

MalwareTech

The UK-based cyber specialist, known only as MalwareTech, registered a domain name that unexpectedly stopped the spread of the virus.

He tweeted on Saturday: “I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.”

The National Cyber Security Centre applauded his actions and said in a statement: “Media reports today have rightly praised the efforts of MalwareTech to tackle the Wannacry cyber attack.

“The NCSC has been working in collaboration with a number of organisations in the cyber security community, including MalwareTech and 2SEC4, to understand and mitigate the current Wannacry ransomware threat.

“These industry partners have helped by offering us intelligence from the sinkholed Wannacry domain.

“This sinkholed domain has prevented further infections occurring and has already resulted in preventing over 100,000 potential infections.”

MalwareTech described the events as “crazy” in his blog, which was shared on the NCSC website.

“Now one thing that’s important to note is the actual registration of the domain was not on a whim,” he added.

Stop botnets

“My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I’m always on the lookout to pick up unregistered malware control server domains.”

He warned Microsoft users that those behind the attack could easily modify the virus and relaunch it, making it critical to update security and anti-virus software as soon as possible.

Press Association