Organizations across the globe, including hospitals, telecom firms and automakers in Europe, were dealing with a massive cyber attack Friday that locked people out of their computers.
The malicious software, known as ransomware, demanded money in exchange for unlocking the computer systems, and thus giving people access to their data.
Luckily, a young British security researcher stopped the attack Friday night — by accident.
You can read a detailed version of what happened here at the researcher’s website, MalwareTech.
Here’s the oversimplified version: The researcher saw that the ransomware system was routinely pinging an unclaimed web domain. He claimed that domain, thinking he’d be able to better study the ransomware’s activity in the hope of finding a fix, and in claiming the domain, he unknowingly killed the entire attack. The malware apparently only worked so long as the domain was unclaimed.
As the researcher explained on the MalwareTech website:
“All this code is doing is attempting to connect to the domain we registered and if the connection is not successful it ransoms the system...my registration of it caused all infections globally to believe they were inside a sandbox and exit…thus we initially unintentionally prevented the spread and and further ransoming of computers infected with this malware.”
Kudos to that guy!
Well, that went about as well as anything i do does.— MalwareTech (@MalwareTechBlog) May 13, 2017
Unfortunately, there is nothing stopping the hackers, who haven’t been identified, from picking a new unclaimed domain and trying again. All of this was also possible because of a flaw in an old version of Microsoft Windows; the company released an update for the software yesterday.
But according to the AP this morning, things are already getting back to normal after the attack.
BREAKING: Britain: Cyberattack hit almost 20 percent of UK's 248 public health trusts; all but 6 now back to normal.— The Associated Press (@AP) May 13, 2017
Friendly reminder: Always update your software!