Marcus Hutchins: The ‘Accidental Hero’ Who Saved The World From The WannaCry Ransomware
The world last week witnessed one of the most widespread cyberattacks in history, one that brought more than 230,000 computers running the Windows operating system in 150 countries to a standstill. This unprecedented ransomware attack could have been even worse had it not been for the timely intervention of a 22-year-old British security researcher, who blogs as “MalwareTech” and discovered an effective kill switch shortly after the attack began.
The cyberattack has since slowed down drastically over the week, with Microsoft urging unaffected users to update their systems with the released patches and the latest antivirus and anti-malware software. Independent security researchers Adrien Guinet and Benjamin Delpy have also released the WannaCry decryption tools “WannaKey” and “WanaKiwi” respectively to counter the attack.
In this article, we will find out more about the 22-year-old self-taught cyber analyst who helped slow the spread of the WannaCry virus. Identified as Marcus Hutchins, the white-hat hacker and surfer hailed as an ‘accidental hero’ works for Kryptos Logic, a Los Angeles-based threat-intelligence company, and lives with his parents in an English seaside town on the north Devon coast.
“I was out having lunch with a friend and got back about 3 p.m. and saw an influx of news articles about the NHS and various UK organizations being hit,” he told The Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
Apparently, the malware’s creators had hardcoded a “kill switch” into it, in case they ever needed to quickly deactivate the infection. That is why each time WannaCry infected a new computer, it first checked the unregistered domain. The infection would continue only as long as that domain did not answer as a live page.
“I was quickly able to get a sample of the malware with the help of Kafeine, a good friend and fellow researcher,” Hutchins wrote on his website, Malware Tech, in a post called “How to Accidentally Stop a Global Cyber Attacks (sic)”. “Upon running the sample in my analysis environment I instantly noticed it queried an unregistered domain, which I promptly registered.”
Curious to analyse the attack, Hutchins went on to register the domain name hidden in the malware code for $10 in order to track the virus. He then pointed it to a “sinkhole”, a server designed to capture “malicious traffic”.
Although he did not realise it at the time, this simple act had “unknowingly killed the malware”: the registered domain had become a “kill switch” that prevented the virus from spreading further.
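The kill-switch behaviour and the sinkhole described above, as an added example that is not code from the article or from MalwareTech's own tooling. It models the check the malware performs (keep going only while the hard-coded domain is not live) and a defender-side tally of sinkhole hits, each of which is a machine whose infection the check halted. `KILL_SWITCH_DOMAIN` and the log lines are constructed placeholders; the article does not give the real domain or any traffic.

```python
# Added example (not from the article or from MalwareTech's own tooling).
# Models the kill-switch logic the article describes and a sinkhole-side
# tally of the hosts whose infection attempt that check halted.
import re
from collections import Counter
from typing import Callable

KILL_SWITCH_DOMAIN = "kill-switch.example"  # placeholder, not the real domain


def should_continue_infection(domain_is_live: Callable[[str], bool]) -> bool:
    """Mirror of the behaviour the article describes: the sample keeps going
    only while the hard-coded domain does NOT answer. Registering the domain
    and pointing it at a sinkhole flips this to False on every new victim."""
    return not domain_is_live(KILL_SWITCH_DOMAIN)


# Constructed sinkhole access-log lines (not real traffic): each hit is a
# machine that ran the check after registration, i.e. an infection that stopped.
SINKHOLE_LOG = """\
2017-05-12T15:42:01Z 203.0.113.7 GET / Host: kill-switch.example
2017-05-12T15:42:03Z 198.51.100.23 GET / Host: kill-switch.example
2017-05-12T15:42:05Z 203.0.113.7 GET / Host: kill-switch.example
2017-05-12T15:42:09Z 192.0.2.44 GET / Host: other.example
"""

LOG_RE = re.compile(r"^(\S+) (\S+) GET \S+ Host: (\S+)$")


def halted_hosts(log_text: str, domain: str = KILL_SWITCH_DOMAIN) -> Counter:
    """Count sinkhole hits per source address for the kill-switch domain only;
    unrelated hostnames hitting the same server are ignored."""
    hits: Counter = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group(3) == domain:
            hits[m.group(2)] += 1
    return hits


if __name__ == "__main__":
    # Before registration nothing answers, so the infection proceeds.
    print("before registration:", should_continue_infection(lambda d: False))
    # After registration the sinkhole answers, so the infection stops.
    print("after registration: ", should_continue_infection(lambda d: True))
    print("distinct halted hosts:", len(halted_hosts(SINKHOLE_LOG)))
```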
“We prevented the spread of the ransomware and prevented it ransoming any new computer since the registration of the domain (I initially kept quiet about this while I reverse engineered the code myself to triple check this was the case, but by now Darien’s tweet had gotten a lot of traction).”
Kurtis Baron, founder of London-based Fidus Information Security, who travelled with Hutchins to Las Vegas last year to attend Defcon, a convention for internet hackers, said his friend was just doing his job when he stopped the attack.
“He is a really nice friend and also a business colleague. He was just doing his job,” he told The Daily Telegraph.
So @Hacker0x01 have awarded me a $10,000 bounty for the "kill-switch". I plan on splitting it between to-be-decided charities and education.
— MalwareTech (@MalwareTechBlog) May 15, 2017
“If we could make him work for us, then we would employ him in a heartbeat, but he won’t move.” He added: “It is not a job to him, more a passion that he happens to get paid for.”
Andrew Mabbitt, the co-founder of Fidus, said that Hutchins is “one of the most intelligent and talented people I know.” Explaining further, he said, “He gets paid to do his hobby which is most people’s dream in life.”
Hutchins, who has not attended university, had tweeted a 30-second clip in January this year displaying his room filled with half-a-dozen computer screens, cables, and gadgetry. He wrote, “After three years of effort, I finally have a malware lab I’m happy with.”
Hutchins has been flooded with communications from the media, the cybersecurity world and beyond ever since his identity was revealed. HackerOne, a platform through which cybersecurity professionals report potential security flaws in exchange for bounty rewards, has offered Hutchins a reward of $10,000 for his efforts. Hutchins says he does not want to keep the money and instead plans to donate the amount to charity.
“I plan on holding a vote to decide which charities will get the majority of the money,” he wrote on Twitter.