How This 20-Something Stopped A Massive Cyber Attack.... Accidentally

He prevented thousands of additional machines worldwide from getting compromised.

If your computer remains unscathed after last week's massive ransomware attack that affected an array of hospitals, businesses, banks, and more across 150 countries, then you likely have 22-year-old Marcus Hutchins to thank.

The British cybersecurity researcher from the north Devon coast accidentally impeded the spread of a malware virus nicknamed "WannaCry" from a small bedroom in his parents' home.

According to Business Insider, Hutchins — who reportedly goes by MalwareTech on Twitter — registered a garbled domain name hidden in the malware to track the virus, which unintentionally halted it. As he explained in a detailed blog post recounting his feat, "I was quickly able to get a sample of the malware with the help of Kafeine, a good friend and fellow researcher. Upon running the sample in my analysis environment I instantly noticed it queried an unregistered domain, which I promptly registered."


Though Hutchins acknowledges he backed into halting the ransomware — malicious software that encrypts data on a victim's computer and then asks for payment in order to decrypt everything — he maintains the actual registration of the domain was no accident. "My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I'm always on the lookout to pick up unregistered malware control server (C2) domains. In fact I registered several thousand of such domains in the past year," he explained.

The efforts of Hutchins and his friends paid off big time, "We had in fact prevented the spread of the ransomware and prevented it ransoming any new computer since the registration of the domain," he noted, before expanding a bit on Twitter. 

Still, the ransomware attack significantly impacted England's National Health Service, which, according to the BBC, was forced to cancel routine surgery and GP appointments on Monday as it recovered from the attack.

Europol is calling Friday's attack the "largest ransomware attack observed in history" and notes it infected some 200,000 machines. In this particular instance the ransomware demanded $300 (£232) from each machine infected, and a separate BBC analysis found people had paid the hackers £22,080 in bitcoin so far. The attack also impacted FedEx, Renault and the Russian interior ministry, and more.

The silver lining is that while many expected there to be a second wave of the attack on as people returned to work, no such subsequent assault occurred in Europe. "We've not seen a second wave of attacks and the level of criminal activity is at the lower end of the range that we had anticipated," Health Secretary Jeremy Hunt said on May 15.

However, the New York Times reports Asia hasn't been as lucky. According to conservative estimates, China alone reported disruptions at nearly 40,000 organizations, including about 4,000 academic institutions.

As for how Hutchins is handling his newfound hero status? The Daily Mail reports that though he is currently working with the government's National Cyber Security Center to prevent a subsequent attack, he's not really one for the limelight and even fears possible retaliation now that his identity has been revealed. 

"If they know where I live, they could really do anything," he told the publication. "A security blogger had people send heroin to his house and try to frame him after his identity was leaked and he even had death threats."

He dialed it back a bit on Twitter, adding:

Here's hoping this 22-year-old whiz kid stays safe.

Cover image via icsnaps / Shutterstock.

More From A Plus


Subscribe to our newsletter and get the latest news and exclusive updates.