WannaCry, Two Years Later ⇥ techcrunch.com
Zack Whittaker, TechCrunch:
Marcus Hutchins and Jamie Hankins, who were working from their homes in the U.K. for Los Angeles-based cybersecurity company Kryptos Logic, had just stopped a global cyberattack dead in its tracks. Hours earlier, WannaCry ransomware began to spread like wildfire, encrypting systems and crippling businesses and transport hubs across Europe. It was the first time in a decade a computer worm began attacking computers on a massive scale. The U.K.’s National Health Service (NHS) was one of the biggest organizations hit, forcing doctors to turn patients away and emergency rooms to close.
Hours after the disruption began to break on broadcast news networks, Hutchins — who at the time was only known by his online handle @MalwareTech — became an “accidental hero” for inadvertently stopping the cyberattack by registering a web domain found in the malware’s code.
The internet, still reeling from the damage, had gotten off lightly. The two researchers, at the time both in their early 20s, had saved the internet from a powerful nation-state attack launched by an enemy using hacking tools developed by the West.
But the attack was far from over.
Hutchins and Hankins knew if the kill switch went down, the malware would pick up where it left off, infecting thousands of computers every minute. Puffy eyed and sleep deprived, they knew the domain had to stay up at all costs. The researchers fended off several attacks from an angry operator of a botnet trying to knock the domain offline with junk internet traffic. And, at one point, law enforcement seized two of their servers from a datacenter in France amid confusion that the domain was helping to spread WannaCry and not preventing it.
Whittaker reports that the “kill switch” domain prevented around sixty million deployments of the WannaCry malware in the last month alone — a staggering figure for a two year old piece of malware. It’s surely spreading daily, but remaining dormant solely because this single domain is being kept up. It’s digital HPV.