Worldwide Cyberattack Stopped After Sole Researcher Accidentally Discovers Kill Switch


Robin Andrews

Science & Policy Writer


We all love a good maverick. BEST-BACKGROUNDS/Shutterstock

A worldwide cyberattack of “unprecedented” proportions affected 150 countries last Friday, with health services in the UK, FedEx, and Telefonica, the primary telecommunications operator in Spain, being some of the high-profile victims of it. It was a ransomware-style attack, one which blocked users from accessing their files until a certain amount of money was paid to an anonymous account.

Remarkably, the “WannaCrypt” cyberattack could have been a lot worse, but it was stopped by a young man from southwest England who managed to do what multiple governmental cybersecurity agencies could not.


Like plenty of viruses, biological or otherwise, the latest cyberattack program had a weakness – albeit one that appeared to be built into it by the designers.

It appears that a garbled domain name, the address of a website essentially, was layered into the program’s source code. At a hunch, this so-called “accidental hero” – who had been exploring a sample of the cyberattack program – decided to buy the domain name for a measly $10.69 just to see what happened.


As reported by BBC News, immediately after the domain became active on the Web, it began to register thousands upon thousands of hits. Normally, this would be unusual, as the URL wouldn’t be known to anyone outside of the person that registered it in the first place. In this case, it appears infected computers from all over the globe were connecting to it.

These connections then appeared to rapidly shut down the cyberattack, and within a few hours, people’s files were accessible again. The activation of the domain seemed to be the “kill switch”, one that the programmers would use to eventually stop the spread of the virus.


The spread of the WannaCrypt attack. MalwareTech via YouTube

Initially, the British cybersecurity researcher – who tweets anonymously as @malwaretechblog – panicked, as the press first thought that the infection was caused by registering the domain name. Soon, though, his technical heroics came to light, and he was receiving praise from both government agencies and the media.

The researcher, however, said that the threat was far from over. “The attackers will realize how we stopped it, they’ll change the code and then they’ll start again,” he told the Guardian.

The kill switch came too late for plenty of people across the planet, however, and many thousands more probably don’t know yet if they’ve been compromised. @malwaretechblog advises everyone using a Windows operating system to update their security settings with the latest patch.


In the meantime, all eyes are on the hackers themselves, known only as the Shadow Brokers, likely named after a videogame character in the Mass Effect series – one who deals in secretive information. First appearing in 2016, they’ve already managed to hack into the National Security Agency and hold plenty of the world hostage, if only for a moment.

  • tag
  • future,

  • england,

  • stopped,

  • Shadow Brokers,

  • cyberattack,

  • ransomware,

  • WannaCry,

  • not over,

  • accidental hero,

  • single researcher