How a Young Cybersecurity Researcher Stopped WannaCry Ransomware in Its Tracks

Last Friday, the biggest ransomware attack we’ve seen hit organizations everywhere, impacting more than 150 countries. It shut down a good chunk of Britain’s National Health Service, has earned the attackers $55,000 in bitcoin, and unfortunately, might not be done just yet. However, there’s good news—“WannaCry” is in fact slowing down, and the chance of more machines becoming infected has been seriously reduced. You can thank one 22-year-old British cybersecurity researcher for that, who used his self-assembled IT hub to locate the ransomware’s “kill switch.”

So, what exactly is this “kill switch,” and how did he find it? First, the researcher got a sample of the WannaCry malware from a friend. Using his IT hub, which consists of computer servers, three monitors, and video games, he analyzed the sample and found a vulnerability: the “kill switch.” Basically, he realized the attack was referencing an unregistered domain, that is, a web address at which there isn’t a website. So, the researcher proceeded to register the domain, and essentially prevented the ransomware from spreading to any new computers from then on out. Best of all, this was all done from the comfort of his parents’ home.
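The kill-switch domain is also useful to defenders as an indicator, since any machine that looked it up is worth checking. The Python below is an added example, not code from this article or from the researcher; `killswitch.example` is a placeholder because the article does not name the real domain, and the log format and sample lines are constructed.

```python
import re
from collections import defaultdict

# Placeholder: the article does not give the real domain, so a reserved name is used.
KILL_SWITCH_DOMAIN = "killswitch.example"

# Constructed resolver log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2017-05-12T15:03:11Z client=10.0.0.12 query=killswitch.example. type=A rcode=NXDOMAIN
2017-05-12T15:03:12Z client=10.0.0.40 query=updates.vendor.example. type=A rcode=NOERROR
2017-05-12T15:09:47Z client=10.0.0.12 query=KillSwitch.Example. type=A rcode=NOERROR
2017-05-12T15:10:02Z client=10.0.0.77 query=killswitch.example. type=A rcode=NXDOMAIN
2017-05-12T15:10:05Z client=10.0.0.31 query=notkillswitch.example. type=A rcode=NOERROR
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+) "
    r"type=(?P<qtype>\S+) rcode=(?P<rcode>\S+)$"
)

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client to the response codes it got for the kill-switch name."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Exact match only, so look-alike names are not reported.
        if m and normalize(m["qname"]) == domain:
            hits[m["client"]].append(m["rcode"])
    return dict(hits)

def triage(hits):
    """Every client listed is a candidate for investigation. 'never-resolved'
    marks clients whose lookups all failed, i.e. they never saw the domain
    as registered."""
    return {client: ("resolved" if "NOERROR" in rcodes else "never-resolved")
            for client, rcodes in hits.items()}

if __name__ == "__main__":
    for client, status in sorted(triage(find_kill_switch_lookups(SAMPLE_LOG)).items()):
        print(client, status)
```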

This researcher’s story provides us with two reminders. The first is the importance of taking security into your own hands, and how one person can make an impact on security from their home. The second: ransomware, even the worst kinds, can be tackled.

However, to truly take down ransomware, you’ve got to be prepared for it. And even though WannaCry isn’t directly after consumers, ransomware is still a reality consumers have to face, as it’s continuing to grow both in impact and frequency. In fact, the threat has seen a consistent increase throughout the past few years, as the number of ransomware incidents increased to 229 in 2016 from 159 in 2015.

So, for users at home looking to learn how they can fight back, here are a few tips on what to do if a personal ransomware attack ever comes your way:

-Always make sure your devices are backed up. Though ransomware locks your files and demands compensation to give them back, you can avoid paying the ransom if that data is also stored elsewhere. By regularly backing up your devices, you can recover your information if ransomware does strike one day.

-Update everything. Both your operating system and the security program that protects it should always be as up-to-date as possible. New security patches are included with each update, so whenever there’s an update available, take action immediately. And to streamline the process, you can even set up automatic updates so that all software updates itself immediately.

-Don’t pay the ransom. Unless accessing your data is a matter of life or death, don’t give in to cybercriminals’ wishes and pay the ransom. There’s no way to be sure that you will be given the decryption keys by the criminals who locked your device. Instead, consider removal tools, and reach out to your cybersecurity company for help.

-Cover your devices with comprehensive security. To protect your phone, computer, and all other personal devices from infection, cover them with an extra layer of security and use a comprehensive security solution like McAfee LiveSafe.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.
