clock menu more-arrow no yes

The massive, worldwide ransomware attack was stopped by a researcher ‘accidentally’

Friendly reminder: Always update your software!

Photo by Michael Bocchieri/Getty Images

Organizations across the globe, including hospitals, telecom firms and automakers in Europe, were dealing with a massive cyber attack Friday that locked people out of their computers.

The malicious software, known as ransomware, demanded money in exchange for unlocking the computer systems, and thus giving people access to their data.

Luckily, a young British security researcher stopped the attack Friday night — by accident.

You can read a detailed version of what happened here at the researcher’s website, MalwareTech.

Here’s the oversimplified version: The researcher saw that the ransomware system was routinely pinging an unclaimed web domain. He claimed that domain, thinking he’d be able to better study the ransomware’s activity in the hope of finding a fix, and in claiming the domain, he unknowingly killed the entire attack. The malware apparently only worked so long as the domain was unclaimed.

As the researcher explained on the MalwareTech website:

“All this code is doing is attempting to connect to the domain we registered and if the connection is not successful it ransoms the system...my registration of it caused all infections globally to believe they were inside a sandbox and exit…thus we initially unintentionally prevented the spread and and further ransoming of computers infected with this malware.”

Kudos to that guy!

Unfortunately, there is nothing stopping the hackers, who haven’t been identified, from picking a new unclaimed domain and trying again. All of this was also possible because of a flaw in an old version of Microsoft Windows; the company released an update for the software yesterday.

But according to the AP this morning, things are already getting back to normal after the attack.

Friendly reminder: Always update your software!


recode_divider