"“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”'Accidental hero' halts ransomware attack and warns: this is not over | Technology | The Guardian
The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second."
Sunday, May 14, 2017
'Accidental hero' halts ransomware attack and warns: this is not over | Technology | The Guardian
Now would be a good time to upgrade, if you're running an old version of Windows