Sunday, May 14, 2017

The worldwide ransomware attack and the young man who stopped it for now...

EXCLUSIVE: British IT expert, 22, who lives with his parents reveals how he stopped the global cyber attack that wreaked havoc on the NHS as he warns he is already fighting hackers trying to unleash a NEW threat

  • UK blogger, 22, 'accidentally' found method to block spread of cyber attack
  • He found way to register virus as a website which caused a 'kill switch'
  • But the cyber expert warned a group of hackers are trying to sabotage the fix

    The UK blogger who discovered a 'kill switch' that has slowed the spread of a virus wreaking havoc across the globe has revealed that the world is facing a fresh cyber attack from malicious hackers who are trying to sabotage the fix.
    The 22-year-old 'accidental hero' - who lives at home in the south of England with his mother and father - spotted a loophole in the code that meant he could block the virus.
    He says he inadvertently halted the ransomware just hours after hearing news of a cyber attack on the NHS while out for lunch with a friend during a week off from his job at an information security company.
    But speaking exclusively to MailOnline, the anonymous computer security expert revealed that cyber attackers are working to bring down the 'emergency stop' which is halting the virus from spreading in a bid to infect millions more across the globe.
    He said: 'We've actually been getting attacks today - we don't think it's the actual group who were spreading the malware but another group is trying to attack us so the infections resume.
    An anonymous British blogger, 22, became an accidental hero by putting the brakes on the spread of the mass cyber attack, pictured
    Cyber security worker @MalwareTech exploited a loophole by spending £8 to register the domain name the virus tries to connect to when infecting a new computer, causing a 'kill switch' to activate
    He confirmed the block on the virus was an accident because he did not realise registering the website would work
    The softly-spoken cyber expert, who goes by the username MalwareTechBlog online, continued: 'Obviously they haven't actually been successful, but had they been that would actually be quite a serious thing and it wouldn't really be something to laugh about.'
    The security worker spent £8 registering the domain name the virus tries to connect with when it infects a new computer and pointed it at a 'sinkhole server' in Los Angeles.
    It caused the malicious software to enact an 'emergency stop', immediately halting its spread - but at first the cyber expert feared he had actually made the virus epidemic worse.
    Speaking of the moment he stopped the virus, the anti-malware expert told MailOnline: 'It should have been really nice but someone had made a mistake and told me that our registering of the domain actually caused the infection.
    'When I found out that it was actually the opposite it was more a relief.
    'Rather than a feeling of 'yes, we've done this' - it was like 'oh god, I haven't f***** up the world, so that's really great'.'
    The ransomware hit computers around the globe including in Germany where the rail network was infected
    The virus infection resulted in a ransom message appearing on screens across the German rail network creating 'massive disturbances'
    The computer expert revealed that he has been in touch with the government's National Cyber Security Centre about the fix - and that to say thank you his bosses have given him another week off work, which he plans to spend surfing.
    He said: 'I was trying to avoid doing work for a week, doing odd jobs around the house, but I just got pulled back in.
    'I don't really want anything, I just want to get back to my job really. My boss rewarded me with a new week off to replace my not-really week off.'
    But the 22-year-old does not believe the attack was specifically targeted at the NHS - rather that the health service 'happened to be vulnerable' and got 'caught in the crosshairs'.
    Nevertheless he says it is 'a serious thing and there is a real risk to real people's health if you're shutting down hospital systems.'
    The young self-taught cyber expert said he initially became interested in computers at the age of 11 when his mother and father installed parental control software on their family machine.
    One Twitter user posted this picture of computers in their university lab that were infected with the ransomware - it has wreaked havoc after spreading quickly around the globe
    He set about working out how to get around the filters, sparking a long interest in information security that got him his first job in the industry 10 years later in September last year.
    MalwareTechBlog said: 'It was a bit "red and blue wire" thing - but more fumbling about trying to figure out if the registering of the domain caused the infections or stopped them.'
    He also issued advice for people who are infected - or those who are concerned that their computers could get the malware.
    He said: 'The people who're already infected, there's not really much you can do. You can potentially pay the ransom but I don't know if this one will decrypt the files yet.'
    It comes as Home Secretary Amber Rudd said six hospitals remained affected by the malware today with the 42 others affected returning to normal.
    Ms Rudd, who chaired a Cobra meeting into the crisis this afternoon, confirmed 48 hospitals were affected by the scam, with many cancelling operations and telling patients to steer clear of A&E departments. 
    A Nissan factory in Sunderland is the latest victim of the hack after it spread from NHS hospitals to industry.
    Teams of technicians have worked 'round the clock' today to restore hospital computer systems in Britain and check bank or transport services in other nations.
    Speaking after the emergency meeting, Ms Rudd acknowledged 'there's always more' that can be done to protect against viruses.
    A fifth of trusts were hit by the ransomware on Friday afternoon, forcing hospitals to cancel and delay treatment.
    Ms Rudd said: 'Of the 48 that have been impacted, most of them are back to normal course of business.
    'So only six of them have some limits on their business.' 
    She added: 'The response has in fact been very good. We think we have the right preparedness in place and also the right plans going forward over the next few days to ensure that we limit its impact going forward.'
    The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. 


    Read more: http://www.dailymail.co.uk/news/article-4502496/British-blogger-accidental-hero-cyber-attack.html#ixzz4h43XYhlt