The hacker who unwittingly halted the NHS cyber attack that wreaked havoc on the UK health service has been rewarded for his efforts, with a year’s supply of free pizza being delivered to his door by Just Eat.
Marcus Hutchins, a blogger from south-west England who operates under the alias MalwareTech, accidentally toppled a devastating international ransomware attack that brought the NHS to its knees last week, which utilised the malicious software WannaCry to exploit a vulnerability in Windows. Microsoft had previously recognised this vulnerability and released an emergency update in March, but systems that had not been updated were still at risk.
Marcus had remained anonymous prior to toppling the cyber attack, though his identity was soon known after a photograph of him was splashed across newspapers as a result of his efforts. However, despite being hailed as a hero for his work, Marcus revealed that he accidentally halted the attack after unwittingly activating a “kill switch” in the program. The 22-year-old, who operates from his bedroom in from out of his family home in England, managed to activate the switch that toppled the ransomware by way of registering a specific domain name and hiding it within the program.
For his efforts Marcus was rewarded a $10,000 (£7,800) bounty by HackerOne, a group that rewards ethical hackers for discovering harmful software flaw. However, after Marcus’s identity was revealed he received another, stranger prize. Following Marcus’s anonymity being uncovered by tabloids, journalists began placing an odd focus upon his pizza-eating habits, with him reportedly eating up to three pizzas for lunch and favouring the “Hawaiian”, which includes ham and pineapple as toppings.
This resulted in Just Eat stepping in to offer him a second reward, with the takeaway delivery service stating that they would offer him free pizza for a year from any Just Eat restaurant.
In a blog post, Just Eat wrote: “As the hero who stopped the ransomware virus, known as WannaCry, we thought it was only right to spread some cheesy love of our own and provide Marcus with his very own supply of piping-hot pizza, free for a whole year from any Just Eat restaurant.
“Call it a thank you on behalf of the nation – a small slice of our appreciation. Massive props to you Marcus, and enjoy your next Just Eat delivery.”
Though Marcus failed his IT GCSE, his hobby eventually transformed into his MalwareTech blog which led to him being hired by a California web security company, who he works for remotely. The ransomware attack he halted led to some of the NHS’s accident and emergency units being unavailable to ambulances, while surgery and GP appointments were also cancelled across the NHS. The cyber criminals asked for payment to unlock the affected computers, with the ransomware program demanding a £230 payment for each one that was affected. Although UK Prime Minister Theresa May confirmed that it was an international attack and not directly targeted at the NHS, the health service was forced to turn patients away until its doors reopened on Tuesday (May 16).
Marcus has warned that the ransomware attack will likely reappear when the hackers find out how he stopped it. “This is not over”, he told The Guardian. “The attackers will realise how we stopped it, they’ll change the code and then they’ll start again.” He also suggested that in order to prevent the attack, Windows users should “enable Windows update, update and then reboot.”