Purdue CIT '15 graduate helped stop international cyberattack

Darien Huss, a 2015 graduate of Purdue Polytechnic’s computer and information technology program, helped stop a worldwide cyberattack Friday (May 12).

The ransomware attack, dubbed “WannaCry” by security researchers, affected hundreds of thousands of Microsoft Windows-based computers in 150 countries by exploiting a flaw in the operating system. A software update released in March which would prevent the ransomware attack has not been installed by all Windows users, leaving an unknown number of computers still vulnerable.

Marcus Hutchins, a colleague in England, obtained a sample of the ransomware’s code and sent it to Huss. Within minutes, Huss reverse-engineered the code and discovered that the malware was designed to check for the existence of a specific unregistered domain name. Once installed on a computer, if the ransomware did not receive an automated response confirming the domain was still unregistered, it would continue its attack on that computer, encrypting its data and demanding payment to restore access.

Huss, who is now an analyst at California-based cybersecurity company Proofpoint, realized that registering the domain name would stop the cyberattack.

While Huss was examining the code, Hutchins had also discovered the domain name and registered it — but it was Huss’ analysis which confirmed that registering the domain would prevent further spread of the ransomware.

In an interview with the Indianapolis Star, Huss credited his experience at Purdue with providing the foundation for his successes.

"What gave me the fundamentals to be able to do what I do, I totally learned at Purdue," Huss said. "I think without all of those fundamentals, I would not be as successful as I am today." 

Security researchers noted that it will be trivial for cybercriminals to remove the “kill switch” from the code and re-release updated versions of the malware, so keeping computer systems constantly updated with the latest software patches remains essential, they said.

Additional information: