WannaCry ransomware attack: Killswitch activated, but danger not over

A potential killswitch has been found for the fast-spreading WannaCry ransomware attack - and it cost only $15.58.

An anonymous 22-year-old computer security expert found a website address in in the software's code, saw it wasn't registered, so he bought it, various media have reported.

He didn't know if it would do anything, but the effect was immediate. It appears the software, before it takes over a victim's computer, checks to see if this web address is activated - if it is, the attack is cancelled.

"I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental," the anonymous Kryptos Logic employee told The Daily Beast.

Thousands of requests flooded in at first, which have slowed to a trickle over the past 24 hours. But that doesn't mean it's time to relax.

"If we did stop it, there's like a 100 percent chance they're going to fire up a new sample and start that one again," he said. "As long as people don't patch it's just going to keep going."

He joked on Twitter he can add "accidentally stopped an international cyber attack" to his resume, and detailed just how he did it on his blog.

Any computers already infected are unaffected by the killswitch.

The ransomware hit the UK particularly hard, putting many of the National Health System's computer networks offline.

"Our managers told us to shut down every computer as hackers were trying to get in," one staff member told The Daily Beast.

"Major heart surgeries had to be cancelled as the computers required to monitor the heart and arteries post-op were switched off."

The hackers used tools believed to be stolen from the US National Security Agency. They exploited a loophole in various Microsoft Windows operating systems which was patched in March, but not everyone keeps their computers up to date, giving the hackers a chance to get in.

In an unprecedented move, the attack prompted Microsoft to release security patches for operating systems as old as Windows XP.

"While the ransom is relatively small at around $NZ430 per computer, the criminals who are collecting the ransom will be making millions having successfully taken down large organisations such as the UK's National Health Service, Telefonica and FedEx as well as thousands of smaller businesses," NZ Tech chief executive Graeme Muller told NZN.