May 20, 2017

WannaCry Ransomware Killed by 22-Year-Old Cyber Analyst

Over 100 countries around the world experienced the biggest cyber attack to date on May 12. For a period of time, valuable files and systems were inaccessible, causing companies to halt their operations or revert to pen and paper.

Hutchins saves the day

Luckily, a 22-year-old UK-based cyber analyst named Marcus Hutchins, despite being on holiday, took the initiative to study the WannaCry malware and eventually “kill” it. Marcus narrated his full account on a blog under the name “Malware Tech”.

Marcus (center) with some friends at DEFCON (photo courtesy of The Sun)


With the assistance of a friend, he was able to obtain a sample of the WannaCry malware. He closely examined it using analysis software. After studying the sample, he observed that “it queried an unregistered domain”. He then registered the web address in order to track its source. Hutchins diverted it to a “sinkhole” (a server that captures “malicious traffic and prevent control of infected computers by the criminals who infected them”) as he waited for confirmation that the domain was indeed the source of the malware.

While waiting for verification, he was unaware that he had already “killed the malware”. Once the sample was confirmed, he proceeded to infect his own computer with the malware and reproduce the code to verify whether the sinkhole diversion actually halted the malware. To his astonishment, the test was successful.

Marcus warns the public that the ordeal may not be over. There is a chance that those who carried out the cyber attack will learn how they were stopped, and they may soon modify their code and start over. He urges Windows users to keep their systems updated and secured.