Foiling a global cyber attack sounds like a task for the CIA or GCHQ, including Bond-eque levels of endeavour and hoopla. Not something regularly attributed to a UK-based surfer.
The UK cybersecurity researcher, who tweets as @malwaretechblog (MT) and lives in Devon, found the kill switch and halted a ransomware attack which affected machines in more than 100 countries after registering a domain name hidden in the malware. This unprecedented attack affected more than 29,000 institutions across China, the Russia Interior Ministry, Fed Ex and countless others. It wreaked particular havoc in the UK’s NHS on Friday, operations were cancelled, test results became unavailable and phones did not work.
If you're wondering why I've been replying slow all day pic.twitter.com/Q6VHnp6bAJ
— MalwareTech (@MalwareTechBlog) May 13, 2017
This tool, a fresh variant of “WannaCry” ransomware, is suspected to have been developed by the US National Security Agency. Ransomware is a type of malware that is used by computer hackers to capture information and then extort money from the victim by locking down their computer until a specific sum is transferred.
Luckily, MT was on the case, so next time someone throws out that surfer/beach bum stereotype, remember one of us is responsible for saving the world a whole lot of headaches. We asked MT a few questions this morning as he bounced from one media request to another. Check out the vid of his phone above.
A huge congratulations on halting the hack attack. In terms of being accidental, you ‘accidentally’ found a kill switch by registering the URL which was hardly a random act. Can you tell us briefly about how you think the spread was halted in terms of tricking the virus into thinking it was in a sandbox environment?
I may have slightly over exaggerated how much of the process was accidental in an attempt to not get too much attention, but as you can see, this attempt fell slightly flat.
You are expecting more variations of this virus to appear. What can organisations do in the coming hours to protect themselves?
If they're running SMB v1 they need to either block incoming traffic on 445 while they install updates (if they're not already updated) or disable SMB completely.
You might be cool, but you'll never be guy playing the violin while surfing a 30 ft wave cool. pic.twitter.com/P8hnI612B6
— MalwareTech (@MalwareTechBlog) April 8, 2017
We’re stoked to have a techy surfer reverse this attack. Can you tell us a little about your surfing experience?
I started bodyboarding when I used to come down to Croyde on holiday as a little kid. Just before my 8th Birthday we moved to the coast permanently and my parents got me my first surfboard, this is when I took up surfing and have continued surfing ever since.
Although my home break is now Woolacombe, I'd also previously travelled a fair bit around Cornwall for surf-livesaving competitions so have gotten to visit/surf some of the great Cornish beaches such as Perranporth, Polzeath, Gwithian, Sennen and Fistral. I did also take up rescue-board paddling as part of surf lifesaving so when the surf is too messy I can still have a good bit of fun with that.
Are you a forecast hound checking all the sites?
Magicseaweed is actually my homepage and I spend a fair bit of time on eyeball-hq checking all the local cams. I've missed too many good days in the past by forgetting to look at the forecast page, so now it opens when I start my web browser.
Newquay today *drool* pic.twitter.com/LzI4k9tT0k
— MalwareTech (@MalwareTechBlog) February 3, 2017
You’ve made a choice to live by the coast so you can surf. You feel that has pushed you into being a bit more free-thinking career wise?
Yes. Living way out from the big cities made it impossible to get an office job in computer security, so I was very relieved when I god my first remote-based Job offer from Kryptos Logic. Them being an LA based company mean I now have the opportunity to travel and surf the California cost whenever I'm out there for meeting.
You've chosen to remain anonymous through this whole process – why's that?
I do a lot of work combatting criminal activity, so having my name online is not ideal as it gives them someone to retaliate against. Unfortunately it's been found and published in the recent hours so I'm sure this is will be a problem I will have to face later.