Surfer worked from bedroom to beat cyberattack

ILFRACOMBE, England (AP) — As a vast "ransomware" attack raced from computer to computer, infecting tens of thousands around the world, a young tech expert worked from his bedroom in England to bring the rampage to a halt.

But Marcus Hutchins doesn't consider himself a hero. The 22-year-old credited with cracking the WannaCry cyberattack told The Associated Press he fights malware because "it's the right thing to do." In his first face-to-face interview, Hutchins, who works for Los Angeles-based Kryptos Logic, said late Monday that hundreds of computer experts worked throughout the weekend to fight the virus, which paralyzed computers in some 150 countries.

"I'm definitely not a hero," he said. "I'm just someone doing my bit to stop botnets." In the first hours after the virus struck Friday, the computer whiz and surfing enthusiast in a small seaside town in southwest England discovered a so-called "kill switch" that slowed the unprecedented outbreak. He then spent the next three days fighting the worm that crippled Britain's hospital network as well as factories, government agencies, banks and other businesses around the world.

WannaCry paralyzed computers running mostly older versions of Microsoft Windows by encrypting users' computer files and displaying a message demanding a ransom of $300 to $600 to release them; failure to pay would leave the data mangled and likely beyond repair.

Hutchins said he stumbled across the solution when he was analyzing a sample of the malicious code and noticed it was linked to an unregistered web address. He promptly registered the domain, something he regularly does to discover ways to track or stop cyber threats, and found that stopped the worm from spreading.

Kryptos Logic chief executive Salim Neino said Hutchins' quick work allowed him to slow the virus on Friday afternoon European time, before it could fully affect the United States. "Marcus, with the program he runs at Kryptos Logic, not only saved the United States but also prevented further damage to the rest of the world," Neino said in an interview from Venice, Italy. "Within a few moments, we were able to validate that there was indeed a kill switch. It was a very exciting moment."

Neino said the worm was "poorly designed" — patched together and a "sum of different parts" with an unsophisticated payment system. Kryptos Logic is one of hundreds of companies working to combat online threats for companies, government agencies and individuals around the world. Hutchins himself is part of a global community that constantly watches for attacks and works to thwart them, often sharing information on Twitter.

It's not uncommon for members to use aliases, to protect from retaliatory attacks and ensure privacy, and Hutchins has long tweeted under the handle MalwareTech, which features a profile photo of a pouty-faced cat wearing enormous sunglasses.

But he realizes his newfound fame will mean an end to the anonymity. "I don't think I'm ever going back to the MalwareTech that everyone knew," said the curly-haired young man, shrugging and flashing a winning smile.

After all, now he's a celebrity. He's been in touch with the FBI, as well as British national cyber security officials. His new life is likely to be a big adjustment. Hutchins lives with his family in the seaside resort town of Ilfracombe, where he works out of his bedroom on a sophisticated computer setup with three enormous screens. He predicted his celebrity would be short-lived.

"I felt like I should agree to one interview," he said. But even that made the fame-averse Hutchins so nervous that he initially misspelled his last name, leaving out the letter "n'' when checking sound levels for the camera.

Many will be following his next moves. CyberSecurity Ventures, which tracks the industry, estimates global spending on cybersecurity will jump to $120 billion this year from just $3.5 billion in 2004. It forecasts expenditures will grow between 12 percent and 15 percent annually for the next five years.

"While all other technology sectors are driven by reducing inefficiencies and increasing productivity, cybersecurity spending is driven by cybercrime," the firm said in a February report. "The unprecedented cybercriminal activity we are witnessing is generating so much cyber spending, it's become nearly impossible for analysts to keep track."

After more analysis, Hutchins, an avid surfer, plans to take a vacation — traveling to Las Vegas and California on the company dime. One guess on what he'll be doing: Yes, surfing. On waves this time.

He pulled off a near-miracle, LL - and it would have taken government agencies weeks to work out what was happening.

He also seems a most likeable young man, and I can see him being in great demand, all over the world, after this.

As far as I know, no-one in the UK paid the ransom, they just put up with the chaos until the problem was sorted. Very foolishly, IMO, some US hospitals that were attacked a while back did pay up:

http://www.bmj.com/content/357/bmj.j2214

Few people know what exactly occurred at the Hollywood Presbyterian Medical Center. It is likely to have been a “phishing” expedition in which the bait was a fake email message and the prey was a healthcare employee. The virus—or “ransomware”—then infected and locked hospital computers. IT experts have said that the hospital may have itself turned off all the computers to prevent the infection spreading. After 10 days the hospital paid a smaller ransom of about $17 000 to regain use of its computers.4

Like any business people, the hackers using ransomware need to appear competent so that people and organisations pay them. Victims must trust the hackers to restore their data. An undercover investigation by one antivirus company found that ransomware groups offered to extend payment deadlines and to negotiate discounts (averaging 30%). One such group offered online support that responded within minutes to queries; another group told a victim, “I am glad you got your files back . . . Get a good antivirus.”5

Hollywood Presbyterian was the first hospital to admit paying a ransom, but other US hospitals, in California, Indiana, Kentucky, Maryland, and Texas, were targeted in 2016.6 The number of ransomware attacks rose fourfold from 2015 to 2016, and so did the amount of money paid to hackers, to $1bn, according to the FBI.7 In the UK, a third of NHS trusts have reported a ransomware attack.

Oh.

https://thenextweb.com/insider/2017/05/15/doxing-hero-stopped-wannacry-irresponsible-dumb/#.tnw_EnIV3GCr

Doxing the hero who stopped WannaCry was irresponsible and dumb

I didn't realise he hadn't come forward voluntarily.....