GEEK AND DESTROY

First picture of ‘accidental’ hero who saved the NHS from cyber attackers – as experts reveal 66 previous threats against hospitals were not reported to police

Anonymous lad discovered £8 'cure'... but has warned the hackers could strike again

Published: 21:00, 13 May 2017
Updated: 5:08, 15 May 2017

THIS is the first picture of a Brit blogger dubbed an “accidental hero” after he halted the global spread of a virus which caused chaos across the world - as his boss gives him a week off to celebrate his save.

He has warned more attacks are planned as experts have since revealed there were 66 cyber attacks launched on UK hospitals last year, but none were reported to police.

This is the first picture of the British blogger who halted the cyber attack which crippled the NHS

found Imperial College Healthcare was hit 19 times in 2016, and eight out of 27 trusts affected saw more than one attack on their systems.

Brian Lord, a former GCHQ director, commented a fear of embarrassment may have stopped trusts from coming forward.

Efforts to spread a bug worldwide yesterday were thwarted by a 22-year-old who managed to stop the devastating spread of the virus by spotting a loophole in the code which meant he could block it.

Hacking terms decoded

MALWARE — Software that is specifically designed to disrupt, damage or gain access to a certain computer system.

RANSOMWARE — a malware that installs on a device and blocks access until a ransom is paid.

WANNACRY — a ransomware malware program which specifically targets Microsoft Windows.

DOMAIN — a sequence of characters used to identity a web address.

HARDCODED — to fix data in a program so that it cannot be altered without modifying the program.

Sinister hackers the Shadow Brokers are believed to have brought the NHS to its knees and crippled IT systems worldwide by using a spy weapon stolen from the US National Security Agency (NSA) to spread the ransomware bug known as WannaCry.

: "We've actually been getting attacks today - we don't think it's the actual group who were spreading the malware but another group is trying to attack us so the infections resume."

He added his bosses have rewarded his monumental efforts in halting the spread of the malware, by giving him another week on holiday.

He said: "I don't really want anything, I just want to get back to my job really. My boss rewarded my with a new week off to replace my not-really week off."

Although he says it was an accident, the anonymous expert, who runs malwaretech.com, registered the domain name which the virus tries to contact when it infects a new target.

He said the virus worked by only spreading if it can’t connect with that address. If it does connect, it shuts itself down immediately.

Election Tory ban on email and texts

By David Wooding, Sunday Political Editor

TORY staff have been banned from emailing secret election material to evade cyber attackers.

Campaigners were told they must deliver everything by hand and not send text messages.

A source said: “We’ve been under strict orders from the start of the campaign to stick to pen and paper if possible.”

No10 and key government departments have operated an “old technology” system for weeks after spy chiefs warned of the risk of hacking.

Foreign Secretary Boris Johnson yesterday admitted Russian sabotage of the General Election was a “realistic possibility”.

He said that President Vladimir Putin would “rejoice” if Labour leader Jeremy Corbyn won.

But the hackers didn’t register the domain name for the address, so MalwareTech swooped in and registered it himself for just £8.29.

Hundreds of operations have been cancelled and patients turned away from A&E after the unprecedented global cyberattack wreaked havoc in 99 countries worldwide yesterday.

Home Secretary Amber Rudd told Sky News this afternoon that all but six of the 48 hospital trusts hit by the virus are now running as normal.

It comes as experts told The Guardian the hack attack had only raised £15,500 for the criminals behind it.

The mysterious blogger, who signed off as MT, told The Sun: "It was depending on the domain not being registered and by registering it we caused the malware to exit."

He has since been praised for dramatically slowing the spread of the virus, although he warned others that hackers only need to change some code before they can start again.

He tweeted: “I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental."

: "They get the accidental hero award of the day."

Who are the Shadow Brokers and what is EternalBlue?

The Shadow Brokers are a group of hackers who emerged last August when they leaked some of the US NSA’s hacking tools online, sparking alarm worldwide.

These included “exploits” used to take control of networks through firewalls, anti-virus software Microsoft products.

One of these tools is EternalBlue, which targets a vulnerability in Microsoft Windows.

The cyber gang stole the tool - which the NSA developed to spy on terrorists and enemy states - in April.

The bug was dumped online just after Donald Trump ordered an airstrike in Syria, leading some to believe the Shadow Brokers have links to the Russian government.

EternalBlue is the exploit which has been used to cripple the NHS and other computer systems in 99 countries.

The hackers used EternalBlue to spread a ransomware virus called WannaCry, which is known as a computer “worm” because it replicates itself to rapidly spread between computers.

This raid is just the tip of the iceberg

By Paul Norris, cyber expert

THE cyber strike on the NHS is another reminder of how vulnerable we are to attack by computer hackers.

Sadly, no computer system is completely safe.

But our health service was particularly vulnerable as it uses old Windows software.

NHS computers were connected to the internet, allowing outsiders to hack into the software by sending a phishing email then launching a ransomware attack.

But gas and electricity companies use an “air gap network” that is completely independent from the web.

Air traffic controllers will also use their own private system. But schools and police stations are at serious risk.

Hackers can now take data from our smartphones, watches and fitness trackers that could be used to blackmail us.

The NHS attack could just be the tip of the iceberg for what lies ahead.

We pay for your stories! Do you have a story for The Sun Online news team? Email us at tips@the-sun.co.uk or call 0207 782 4368

©News Group Newspapers Limited in England No. 679215 Registered office: 1 London Bridge Street, London, SE1 9GF. "The Sun", "Sun", "Sun Online" are registered trademarks or trade names of News Group Newspapers Limited. This service is provided on News Group Newspapers' Limited's Standard Terms and Conditions in accordance with our . To inquire about a licence to reproduce material, visit our Syndication site. View our online Press Pack. For other inquiries, Contact Us. To see all content on The Sun, please use the Site Map. The Sun website is regulated by the Independent Press Standards Organisation (IPSO)

Our journalists strive for accuracy but on occasion we make mistakes. For further details of our complaints policy and to make a complaint please click this link: mcb777.site/editorial-complaints/

machibet777.com

Hacking terms decoded

Election Tory ban on email and texts

MOST READ IN NEWS

Who are the Shadow Brokers and what is EternalBlue?

This raid is just the tip of the iceberg