Jump directly to the content
GEEK AND DESTROY

First picture of ‘accidental’ hero who saved the NHS from cyber attackers – as experts reveal 66 previous threats against hospitals were not reported to police

Anonymous lad discovered £8 'cure'... but has warned the hackers could strike again

THIS is the first picture of a Brit blogger dubbed an “accidental hero” after he halted the global spread of a virus which caused chaos across the world - as his boss gives him a week off to celebrate his save.

He has warned more attacks are planned as experts have since revealed there were 66 cyber attacks launched on UK hospitals last year, but none were reported to police.

This is the first picture of the British blogger who halted the cyber attack which crippled the NHS
4
This is the first picture of the British blogger who halted the cyber attack which crippled the NHS
The ransomware bug has locked NHS trusts out of patient files and is still wreaking havoc across the globe
4
The ransomware bug has locked NHS trusts out of data including patient files and is still wreaking havoc across the globeCredit: PA:Press Association
Ambulances outside the Royal London Hospital in Whitechapel today as yesterday's virus attack continues to cause chaos
4
Ambulances outside the Royal London Hospital in Whitechapel today as yesterday's virus attack continues to cause chaosCredit: Reuters

A found Imperial College Healthcare was hit 19 times in 2016, and eight out of 27 trusts affected saw more than one attack on their systems.

Brian Lord, a former GCHQ director, commented a fear of embarrassment may have stopped trusts from coming forward.

Efforts to spread a bug worldwide yesterday were thwarted by a 22-year-old who managed to stop the devastating spread of the virus by spotting a loophole in the code which meant he could block it.

Hacking terms decoded

MALWARE — Software that is specifically designed to disrupt, damage or gain access to a certain ­computer system.

RANSOMWARE — a malware that installs on a device and blocks access until a ransom is paid.

WANNACRY — a ransomware malware program which specifically targets Microsoft Windows.

DOMAIN — a sequence of characters used to identity a web address.

HARDCODED — to fix data in a program so that it cannot be altered without modifying the program.

Sinister hackers the Shadow Brokers are believed to have brought the NHS to its knees and crippled IT systems worldwide by using a spy weapon stolen from the US National Security Agency (NSA) to spread the ransomware bug known as WannaCry.

After finding the loophole while on annual leave the blogger has warned cyber attackers are planning more online onslaughts as they try to counteract his fix and : "We've actually been getting attacks today - we don't think it's the actual group who were spreading the malware but another group is trying to attack us so the infections resume."

He added his bosses have rewarded his monumental efforts in halting the spread of the malware, by giving him another week on holiday.

He said: "I don't really want anything, I just want to get back to my job really. My boss rewarded my with a new week off to replace my not-really week off."

Although he says it was an accident, the anonymous expert, who runs malwaretech.com, registered the domain name which the virus tries to contact when it infects a new target.

He said the virus worked by only spreading if it can’t connect with that address. If it does connect, it shuts itself down immediately.

Election Tory ban on email and texts

By David Wooding, Sunday Political Editor

TORY staff have been banned from emailing secret election material to evade cyber attackers.

Campaigners were told they must deliver everything by hand and not send text messages.

A source said: “We’ve been under strict orders from the start of the campaign to stick to pen and paper if possible.”

 

No10 and key government departments have operated an “old technology” system for weeks after spy chiefs warned of the risk of hacking.

 

Foreign Secretary Boris Johnson yesterday admitted Russian sabotage of the General Election was a “realistic possibility”.

He said that President Vladimir Putin would “rejoice” if Labour leader Jeremy Corbyn won.

But the hackers didn’t register the domain name for the address, so MalwareTech swooped in and registered it himself for just £8.29.

Hundreds of operations have been cancelled and patients turned away from A&E after the unprecedented global cyberattack wreaked havoc in 99 countries worldwide yesterday.

Home Secretary Amber Rudd told Sky News this afternoon that all but six of the 48 hospital trusts hit by the virus are now running as normal.

It comes as experts told The Guardian the hack attack had only raised £15,500 for the criminals behind it.

MOST READ IN NEWS

Woman 'raped in property overnight' as 5 men arrested over horrific 'attack'
'RAPE' PROBE

Woman 'raped in property overnight' as 5 men arrested over horrific 'attack'

Baby girl found dead at home as woman, 21, and man, 41, arrested
TOT TRAGEDY

Baby girl found dead at home as woman, 21, and man, 41, arrested

Man and woman, in their 90s, die in house fire as inferno rips through home
TRAGIC BLAZE

Man and woman, in their 90s, die in house fire as inferno rips through home

'Multiple people stabbed' as cops rush to 'serious incident' in Dublin
'STAB' HORROR

'Multiple people stabbed' as cops rush to 'serious incident' in Dublin

The mysterious blogger, who signed off as MT, told The Sun: "It was depending on the domain not being registered and by registering it we caused the malware to exit."

He has since been praised for dramatically slowing the spread of the virus, although he warned others that hackers only need to change some code before they can start again.

He tweeted: “I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental."

He urged people to patch their systems to protect themselves.

The expert also created this map showing the spread of the attack as the virus infected computers in 99 countries
4
The expert also created this map showing the spread of the attack as the virus infected computers in 99 countriesCredit: Malwaretech

“So long as the domain isn't revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.

“It's very important everyone understands that all they need to do is change some code and start again. Patch your systems now!”

Ryan Kalember, of Californian security firm Proofpoint, told : "They get the accidental hero award of the day."

Who are the Shadow Brokers and what is EternalBlue?

The Shadow Brokers are a group of hackers who emerged last August when they leaked some of the US NSA’s hacking tools online, sparking alarm worldwide.

These included “exploits” used to take control of networks through firewalls, anti-virus software Microsoft products.

One of these tools is EternalBlue, which targets a vulnerability in Microsoft Windows.

The cyber gang stole the tool - which the NSA developed to spy on terrorists and enemy states - in April.

The bug was dumped online just after Donald Trump ordered an airstrike in Syria, leading some to believe the Shadow Brokers have links to the Russian government.

EternalBlue is the exploit which has been used to cripple the NHS and other computer systems in 99 countries.

The hackers used EternalBlue to spread a ransomware virus called WannaCry, which is known as a computer “worm” because it replicates itself to rapidly spread between computers.

This raid is just the tip of the iceberg

By Paul Norris, cyber expert

THE cyber strike on the NHS is another reminder of how vulnerable we are to attack by computer hackers.

 

Sadly, no computer system is completely safe.

But our health service was particularly vulnerable as it uses old Windows software.

NHS computers were connected to the internet, allowing outsiders to hack into the software by sending a phishing email then launching a ransomware attack.

But gas and electricity companies use an “air gap network” that is completely independent from the web.

Air traffic controllers will also use their own private system. But schools and police stations are at serious risk.

Hackers can now take data from our smartphones, watches and fitness trackers that could be used to blackmail us.

The NHS attack could just be the tip of the iceberg for what lies ahead.


We pay for your stories! Do you have a story for The Sun Online news team? Email us at [email protected] or call 0207 782 4368

YOU MIGHT LIKE
RECOMMENDED FOR YOU
MORE FOR YOU