A 22-year-old UK cyber security researcher accidentally managed to stop the spread of a ransomware attack that hit the NHS and organisations across the globe.
The Royal London, St Bartholomew’s, Whipps Cross and Newham are some of numerous hospitals to be hit by the attack, with messages flashing up saying that their files have been encrypted and they must pay cash or lose access to them.
Using hacking tools believed to have been developed by the US National Security Agency, the ransomware infected tens of thousands of computers in nearly 100 countries.
However, working alongside Darien Huss from security firm Proofpoint, a British cyber security researcher managed to find a “kill switch” built into the software on Friday, stemming the flow of attacks.
The researcher, who tweets under the name MalwareTech, registered the domain being used by the ransomware and managed to activate the switch.
Although his actions came too late to help those UK and European organisations already hit by the attack, it gave those in the US enough time to set up defences against the malware.
Proofpoint’s Ryan Kalember told The Guardian: “They get the accidental hero award of the day.
They didn’t realise how much it probably slowed down the spread of this ransomware.
So I can only add”accidentally stopped an international cyber attack” to my Résumé.
MalwareTech tweeted afterwards: “I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
So I can only add accidentally stopped an international cyber attack to my Résumé.
He later warned: So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.
Meanwhile, the Government and NHS bosses are facing growing questions over suggestions preventative measures could have been taken “months ago.
At least 30 health service organisations in England and Scotland were infiltrated by the malicious software, while many others shut down servers as a precautionary measure, bringing added disruption.
Doctors reported seeing computers go down one by one as the ransomware took hold on Friday, locking machines and demanding money to release the data.
The National Cyber Security Centre (NCSC) said teams were working round the clock in response to the attack as it was reported up to 99 countries, including the US and Russia, were hit.
Prime Minister Theresa May said the Government is not aware of any evidence patient records had been compromised.
This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected, she added.
However shadow health secretary Jonathan Ashworth said the attack was terrible news and a real worry for patients and urged the Government to be clear about what’s happened.
Ross Anderson, professor of security engineering at Cambridge University’s computer lab, said the incident is the sort of thing for which the secretary of state should get roasted in Parliament.
If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that? Mr Anderson told The Guardian.
Experts say the virus, called Wanna Decryptor, exploits a vulnerability in Microsoft Windows software first identified by American spies at the National Security Agency (NSA).
The tools were leaked on the web earlier this year when hackers dumped a cache of NSA files following a security breach.
Prior to the dump, Microsoft released a fix, or patch, for the issue, although computers that did not install the update, or could not due to the age of their software, would have been vulnerable to attack.
The US Department of Homeland Security said on Friday that the patch, released by Microsoft on March 16, addresses this specific vulnerability, and installing this patch will help secure your systems from the threat.