A never-before-seen type of malware spread through at least 150 countries last Friday. The bug disrupted service at Britain’s National Health Service, FedEx, French automaker Renault, and hundreds of other organizations and businesses. As a 22-year-old security expert looked through the code of the so-called WannaCry ransomware, he saw a URL.
Quick Actions Saved Everything
On a whim, the young man checked to see if the domain was registered. It was not, so he quickly paid the $11 to buy it. Doing so instantly shut down the spread of the malware.
The security expert, Marcus Hutchins who found the kill switch is known primarily by his Twitter handle Malware Tech. Hutchins became an instant hero in one of the largest cyber attacks in history. Over 230,000 computers were affected by the attack, but that number would’ve have been much higher had the domain name not been registered.
The hackers responsible for the attack quickly rewrote the code without the kill switch URL, but by then, enough people were able to patch their operating systems and avoid falling prey to the bug.
A company has offered Malware Tech $10,000 for his work in stopping the spread of WannaCry. HackerOne is a platform where people can report security issues to companies, so the companies can fix them (and sometimes reward those who reported the issues). HackerOne wants to recognize the young security expert for his invaluable work.
Strangely enough, the young man who continues to avoid the limelight says he doesn’t want any money for his discovery. He plans to let his Twitter followers decide what organizations to donate the money to.
There is one other reward that a company offered to Malware Tech, and he’s keeping this one. The food delivery company Just Eat has offered a year’s worth of free pizza to the young man.
In response to that generous offer, he said, “Yeah, I’ll probably claim it. I do like delivered food, and it would be perfect for con after-parties.”
Dark Side
Despite seemingly saving the entire global internet, Hutchins has a surprisingly edgy past. Growing up with a knack for computers, he became engulfed in coding and hacking at a young age. Hutchins always defeated all school and home computer restrictions, and developed business relationships with dark-web hackers early on. These connections would eventually lead him (slightly unwillingly) to create some devastating banking malware. It would be these nefarious connections and code that would eventually catch the eye of the authorities.
Hutchins was actively being staked out by the FBI, and less than three months after saving the globe from WannaCry, he was arrested in the Las Vegas airport. After his arrest and lengthy time spent under house arrest with severe travel and technology restrictions, Hutchins was eventually sentenced to time served and one year of supervision.
The judge ruled that Hutchins positive and ethical actions during the WannaCry attack were what saved him from a more severe sentencing.