Efforts From US And UK Halt 'WannaCry' Ransomware Attack, But Warn It's Not Over

DETROIT (CBSDetroit) - The WannaCry ransomware computer attack hitting many countries on Friday was halted for a time thanks to efforts on both sides of the pond.

A Michigan based cyber security engineer and a 22-year-old from the United Kingdom on holiday from his job at a 'private intel threat firm' both played a role in halting the ransomware WannaCry attacks that hit across the globe on Friday.

Darien Huss works for the cyber security firm Proofpoint and discovered the "kill switch" in the malware used in the extortion scheme.

"I just want to stress to people that they take updating their systems more seriously and that they follow a strict backup policy," says Huss.

He says that many computers were infected with the malware because patches that were released two months ago were not applied or they were still operating on Legacy systems (such as Windows XP) which were not given patches.

Huss says given the media coverage the attacks receive, he wouldn't be surprised if there's another similar attack in the near future.

While on the other side of the pond, a 22-year-old on holiday from his job at a 'private intel threat firm' Kryptos Logic -- is also credited with cyber heroics. According to BusinessInsider.com, Marcus Hutchins helped to slow down the attack when he "registered a garbled domain name hidden in the malware to track the virus, unintentionally halting it."

My blog post is done! Now you can read the full story of yesterday's events here:https://t.co/BLFORfM2ud
— Marcus Hutchins (@MalwareTechBlog) May 13, 2017

An 'emergency stop' was found after Hutchins searched for a weakness in the hack software and found a reference to a website address that nobody owned.

He purchased it, knowing this was a regular way to track a computer infection, but had not expected it to actually halt the spread of the ransomware says the Daily Mail.

I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.
— Marcus Hutchins (@MalwareTechBlog) May 13, 2017

The ransomware attacks began Friday and hit 150 countries -- infecting 200,000 machines and that list is expected to grow.

The malware, once activated on a computer, encrypts the files so they are no longer accessible -- the attackers demanding (a ransom of) 300 bitcoins in order to release your files.

Some of the organizations affected include FedEx, the UK's National Health Service, automaker Renault in France, and China's National Petroleum Corporation.

While Microsoft issued a repair for those systems, including Windows XP on Friday but the malware had already done considerable damage.

Experts weighing in on both sides of the pond saying that we should be on the defensive; Former FBI Agent in Metro Detroit, Bill Kowalski, says the global ransomware attack could grow much larger when people return to work this week.

Kowalski says home computers likely won't be targeted because most people wouldn't pay the $300 ransom, but instead just wipe their computers clean and start over.

Featured Local Savings

More from CBS News

Several Michigan Ascension hospital systems still down after cyberattack

Michigan man pleads no contest in 2019 fatal shooting of Detroit police sergeant during domestic dispute

Metro Detroit housing commission gifts renovated home to mom, children

Amish family's horse struck, killed by car in rural Michigan