A massive ransomware cyberattack created using leaked NSA code infected more than 75,000 computers in 99 countries this weekend, but the attack has been halted — for now, at least — by a 22-year-old cybersecurity researcher who lives with his parents in England.
The unnamed researcher, who wants to remain anonymous for safety purposes, was poking around the attack's code when he accidentally found its kill switch. "I was out having lunch with a friend and got back about 3 p.m. and saw an influx of news articles," he said in an interview with The Guardian. "I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time."
Registering the domain cost just $10.69. Once the ransomware detected the domain was live, it shut down. Still, the researcher notes, the hackers are unlikely to let their digital crime spree end so easily. "This is not over," he said. "The attackers will realize how we stopped it, they'll change the code and then they'll start again."