Find a list of your saved stories here

22-year-old credited for accidentally stopping 'WannaCry' from spreading

Save Story

Save stories to read later

Estimated read time: 2-3 minutes

This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.

SAN FRANCISCO (CNNMoney) — An anonymous malware researcher inadvertently helped stop the spread of a global cyberattack that targeted nearly 100 countries.

The 22-year-old researcher, who goes by the name MalwareTech, has become an internet hero for their efforts to stem the spread of the WannaCry ransomware. MalwareTech, who is based in the U.K., did not disclose their identity or gender to CNN. MalwareTech published a blog post early Saturday morning detailing how they stopped the spread of this ransomware.

The ransomware took control of computers around the world and required owners to pay hundreds of dollars to get their files back. It took advantage of a Windows vulnerability leaked in April and the hacking tool is believed to belong to the NSA.

MalwareTech found an unregistered domain name in the ransomware and bought it for $10.69. Then, they pointed the domain to a sinkhole, or a server that collects and analyzes malware traffic. What they didn't realize was that the domain — a random assortment of letters — was actually a kill switch, a way for someone to take control of the ransomware.

While the researcher is being lauded online for helping to prevent a more widespread outbreak, MalwareTech doesn't consider themselves a hero.

"I just don't [think] that what I did was that significant," MalwareTech told CNN in an email. "And as of now I've had a fair bit of thanks from different people which is really appreciated, but no job offers which is nice as I'm happy where I am."

"We found out that the domain was supposed to be unregistered and the malware was counting on this, thus by registering it we inadvertently stopped any subsequent infections," they told CNN.

However, this only stops one version of WannaCry. There are different versions of the ransomware that do not contact that particular domain and can still spread, so it is possible for computers to get infected. Windows machines that are up-to-date are safe from this ransomware.

Darien Huss, a researcher at security firm Proofpoint, first noticed that MalwareTech's sinkhole was preventing the ransomware from spreading.

"It seems a lot like the actors responsible for this are fairly amateur because of the implementation that they used for the kill switch," Huss told CNN. "It was very easy for someone other than themselves to activate the kill switch."

Huss says it is very likely we will see another attack using the exploit, even as early as Monday.


CNN's Paul P. Murphy contributed to this report.

Copyright 2017 Cable News Network. Turner Broadcasting System, Inc. All Rights Reserved.

Related stories

Most recent World stories

Related topics

Selena Larson


    Get informative articles and interesting stories delivered to your inbox weekly. Subscribe to the Trending 5.
    By subscribing, you acknowledge and agree to's Terms of Use and Privacy Policy.

    KSL Weather Forecast