Stuart Breckenridge

An Unexpected Win

Via the BBC:

A security researcher has told the BBC how he “accidentally” halted the spread of ransomware affecting hundreds of organisations, including the UK’s NHS.

The man, known online as MalwareTech, was analysing the code behind the malware on Friday night when he made his discovery.

He first noticed that the malware was trying to contact an unusual web address - iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - but this address was not connected to a website, because nobody had registered it.

So, every time the malware tried to contact the mysterious website, it failed - and then set about doing its damage.

MalwareTech decided to spend £8.50 and claim the web address. By owning the web address, he could also access analytical data and get an idea of how widespread the ransomware was.

But he later realised that registering the web address had also stopped the malware trying to spread itself.

Stopping the spread of the ransomware was an incredibly lucky side effect of purchasing the domain name. However, any win in this scenario — it’s the largest ransomware spread I can recall, and certainly the most shameless (attacking a health service) — is a win worth taking.

