Over the weekend, a 22-year-old who still lives with his parents became an unexpected internet hero.
Marcus Hutchins, an English digital security researcher known by the online moniker MalwareTech, found a “kill switch” in the code of WannaCry, malware that allows hackers to encrypt others’ data and demand money in order to decrypt it. On Friday, the virus began quickly infecting computers around the world — and the kill switch temporarily halted its frenzied pace.
“I got back from eating lunch, saw [WannaCry] had started to hit the news… so I started looking into the malware, and I found this domain,” Hutchins said of a URL he found embedded in WannaCry’s code. He then registered the domain — a common practice when trying to track malware — and that unexpectedly triggered a shutdown of WannaCry.
By the time that happened, the hack had already affected thousands of machines worldwide and compromised much of the U.K.’s health care system; WannaCry’s creators also released a variant without the kill switch. But Hutchins has been credited with preventing the malware from spreading to hundreds of thousands more machines.
The virus exploits vulnerabilities in the Microsoft Windows XP operating system that were originally used in NSA hacking tools leaked to the internet. Hackers were reportedly demanding $300 in bitcoin to decrypt data, a price that went up to $600 if they weren’t paid by the given deadline. Investigators haven’t yet found the culprits, but early clues point to a group of cybercriminals with ties to North Korea.
Initially, Hutchins said that he and his California-based employer, Kryptos Logic, “kept quiet” about the kill switch because they “didn’t want to jump the gun.” But word got out, and Hutchins unwittingly became something of a viral celebrity.
“I seem to be getting a little too much attention; I didn’t really want any of it,” Hutchins said. “I’ve got all these new followers and people trying to find me in person — it’s not great.”
Hutchins suggested ways people can protect themselves in the future — “It’s important to keep a system updated, have a firewall, have anti-virus installed” — because, he said, the return of another WannaCry-like attack is a certainty.
“I can’t really predict when it will happen. The last time I saw something like this it was probably 2008, so it’s been a while,” he said. “It will definitely happen again; we just don’t know when.”