“As curious as this was, I was pressed for time and wasn’t able to investigate, because now the sinkhole servers were coming dangerously close to their maximum load.
“I set about making sure our sinkhole server was stable and getting the expected data from the domain we had registered (at this point we still didn’t know much about what the domain I registered was for, just that anyone infected with this malware would connect to the domain we now own, allowing us to track the spread of the infection).
The cyber analyst who accidentally triggered a 'kill switch' in the WannaCry ransomware has written about how he panicked and then literally jumped for joy as it became clear what had happened.
The virus has shut down parts of the NHS and infected computers all over the world with users ordered to pay a ransom to recover control of their machines.
It was continuing to cause problems, with concerns some files have been lost, and the hackers are likely to have slightly altered the program to enable it to continue infecting more computers.
The UK-based analyst, known as MalwareTech on social media and aged just 22, has now written a blog about the “crazy events” that began after the malicious program struck on Friday.
He said this was not done “on a whim” but was fairly standard practice — he has registered several thousand similar domain names in the past year.
The domains are then pointed to a sinkhole server which is designed to “capture malicious traffic” and prevent the criminals from controlling infected computers.
At one point, there was a suggestion he had actually helped encrypt people’s data and testing this involved deliberately trying to infect his own computer.
When he realised he was in the clear, he described “jumping around with the excitement of having just been ransomwared”.
“Sorting out the sinkholes took longer than expected due to a very large botnet we had sinkholed the previous week eating up all the bandwidth, but soon enough I was able to set up a live tracking map and push it out via Twitter.”
He said he had then asked an “employee” to find out if the malware was set up to regularly change the domain name it used.