WannaCry was used in a worldwide cyberattack in May 2017. It has been blamed on the North Korean regime and relied on an NSA-developed exploit called EternalBlue. The exploit had been leaked online by a group called the Shadow Brokers in the months before WannaCry emerged. It targeted a vulnerability present in older and unpatched versions of Microsoft Windows.
As a result of its spread, governmental organizations and private institutions were hit with damages estimated in the hundreds of millions, to billions of dollars. In the UK for example, the National Health Service (NHS) was hit with outages that caused the cancellation of appointments and procedures for patients.
In response to WannaCry, Microsoft issued emergency patches for end-of-life products like Windows XP to stop the spread of the infection. However, a Kill Switch was also discovered that would prevent newly-infected computers from spreading WannaCry any further. Researcher Marcus Hutchins discovered the kill switch in WannaCry, finding that it only encrypted files on an infected system and propagated further if it was unable to connect to a specific domain.
By taking control of the domain, Hutchins drastically reduced the spread of the malware and saved a lot of victims from having their files encrypted. Further variants of WannaCry used similar kill switches that were also targeted in similar ways.
Not long after Hutchins was lauded as a hero, however, he was charged with crimes related to banking malware called Kronos. He pleaded guilty to creating and distributing the malware when he was a teenager.
Last week, Judge JP Stadtmueller sentenced Hutchins to a year of supervised release, sparing him prison time for the Kronos offenses. Stadtmueller noted that Hutchins had been turning a corner before he faced any charges and noted the defendant's acknowledgment that he had made bad decisions as a teen and had no desire to go back to online crime.
On top of his WannaCry efforts, Hutchins has also conducted research on botnets and other malware.
Written by: James Delahunty @ 29 Jul 2019 6:21