On the 14th of May, one of the biggest ransomware attacks in history took place. Organizations such as the UK's National Health Service (NHS) and FedEx were hit by an attack of unprecedented scale.
The ransomware encrypted countless NHS files, demanding ransom money for them to be unencrypted, and caused widespread chaos in all the organizations it hit.
But then a 22-year-old figured out how to hit a kill switch on the ransomware, stopping it from spreading any further. Marcus Hutchins, a security expert from an English coastal town, discovered a domain name within the ransomware's source-code. On a hunch, he bought the domain name for an extremely affordable $10.69.
Immediately after he bought the domain name, computers affected by the attack began connecting to the URL, and within hours people's files became accessible again. The attack was stopped in its tracks, deactivated by the kill switch found by Hutchins.
Since then, Hutchins, who failed his Information Technology course in high school after being accused of hacking (which he denies), has been rewarded by HackerOne with a $10,000 payout, which he decided to give to charity.
"I plan on holding a vote to decide which charities will get the majority of the money," he told HackerOne. "The rest will go to buying books/resources for people looking to get into infosec who can't afford them."
Then came the bad part.
Since stopping the attack, Hutchins has been hounded by the press and had all his details leaked to the public.
Hutchins says he's found his five minutes of fame "horrible", and has since taken steps to find out how the press hunted him down in the first place. Hutchins, who clearly knows his stuff when it comes to cybersecurity, says there's no way he could have protected himself against it.
He has received messages of support from his followers, who expressed their dismay at the British press for following him, and likened it to the behavior of a stalker.
People also suggested that he and others should "dox" the journalists involved, which means searching for private information about them and publishing it online.
Hutchins has asked his followers not to do this, and says he just wanted to let everyone know that he hadn't sought out the spotlight and wished to avoid it as much as possible.
He has since decided which charities to give the reward money to.
"I'm definitely not a hero," he told the Associated Press. "I'm just someone doing my bit to stop botnets."
