An English computer geek spent $US10.69 on a successful plan to slow the global cyberattack that struck dozens of countries around the world.
Deep inside the nasty “WannaCry” internet worm was a “kill switch,” likely inserted by the cyber crooks in case something went wrong, reports the New York Post.
The kill switch was a website address. If the malware was directed to attack that address, its spread would slow.
The 22-year-old British researcher — who uses the Twitter handle @MalwareTechBlog — noticed the domain name was fake. It had never been registered, or set up on a server.
“I saw it wasn’t registered and thought, ‘I’ll have that,’” he told media.
The researcher bought the domain name on a website called NameCheap.com for $US10.69, and set it up on a server in Los Angeles.
When the malware connects infected computers to the Los Angeles server, it shuts down automatically, MalwareTech explained.
MalwareTech told the Daily Beast that whoever launched the malware will probably relaunch it to get around the Los Angeles server.
If people don’t update their Windows systems, “it’s just going to keep going,” he said.
On Friday, the malware took down thousands of computers running old versions of the Windows operating system.
“WannaCry” shuts down users’ computers, and demands a payment of $US300 in Bitcoin in exchange for the safe return of files.
Britain’s National Health Service was especially hard hit in the attack, which hit tens of thousands of computes in 100 countries.
Microsoft published a Windows update in March that would stop WannaCry. But many people and companies operate old versions of Windows that remain vulnerable to attack.