you the malware tech is what this person is known as online and other than keeping a low profile and k for an l.a.-based intelligence company. this person was studying the malware as the attack was unfolding and while that was happening, noticed that the malware kept trying to contact a strange web domain, an internet address. noticed that that internet address wasn't registered and paid the 10$10 which is straightforward thing to to control of it and inadvertently stopped it from spreading further. the researcher is the first to admit this was an accident. had no idea that in doing that, registering the domain name, that would be the effect. this person is also warning that we could expect further attacks because although the shotdown was relatively straightforward this person believes that recoding the malware, rewriting it and releasing it again would be a straightforward thing to do and we could see that happen in the coming week. >> phil black for us there in london, thank so much. >>> emmanuel macron is participating in first official duties as president of the france and laying

one goes by the name malware tech. he noticed every time it took over, it pinged back to an unregistered website. so he registered the website for about $10. his fellow sleuth was watching in dare kw darian huss. >> he activated the kill switch. >> reporter: huss said once an infected computer pinged the newly-registered website, it killed the virus. >> it's what i do on a day-to-day basis. for me, it was just another day at the office, i guess. >> reporter: the head of europoll says they are working closely with the fbi to identify the culprit. and at least two cyber security firms say they're looking into technical clues that north korea may be behind the attack. >> charlie d'agata in our hon done newsroom. so thanks. what does microsoft have to say? john blackstone pincks up the story. >> reporter: security evexperts have known for months about the vulnerability. they released a newer versions of its operating system but not the older versions. >> microsoft hasn't been supporting their decade-old systems hike window

at the same time, halfway around the world, a british researcher that goes by the handle malware tech stumbled on the same solution, stop ng the spread of the attack, but not before it hit computers at banks and hospitals and other agencies. rob wainwright. >> we've seen cyber become being the threat. it is unprecedented. >> reporter: the hackers demanded $300 or their files would be erased. new code has surfaced that has allowed the ransom ware to work without the kill switch. >> the huge concern is all the computers that are potentially going to be turned on at the beginning of this workweek, and they could be vulnerable to this ransom ware sample that has no kill switch. >> reporter: they used vulnerabilities in microsoft windows to carry out the attacks. they are still searching for whoever is responsible for the ransom ware. experts are urging companies to back up their data and keep their software up to date. >>> president trump said this weekend he expects to nominate a new fbi director by the end of the week. errol barnett has the latest from the white house. >> reporter: pres

agencies, british cyber security officials are thinking a 22-year-old british researcher known as malware techsomething american security engineer for finding the kill switch to stop the attack. some experts call the attack the perfect storm that took advantage of a security hole in microsoft windows. users who do not apply the patch allow the malware to spread quickly. in d c,not an exhibit this is a couple feet of water at 19th street and constitution avenue. by the time first responders arrived, nobody was in the car. they don't know why it was left. a california cross-country trip and welled up 1500 miles -- and wound up 1500 miles away from home. >> she escape ther.v. near mis souri, and she belongs in sacramento. kimberly: elizabeth said that her grandchildren found the cat behind their house in oklahoma, just east of oklahoma city. she called the number on the tag and learned her name was penny. penny's family still has no idea how she escaped. they are working with a group kindred hearts to give penny her reunion with her family. penny does that seem to really mind. cats are amazing li

goes by the name malware tech and is getting widespread praise for saving the day. the engineer may have saved companies and governments millions and millions of dollars and slow the outbreak before the computer in the u.s. were more widely affected. to learn more about how he did it open our nbc washington app and search cyber attack. >>> a young woman from manassas died in a shooting this morning on i-95. sharayne holland was 26. she and another young woman were in a car around 3:40 this morning when someone pulled up next to them in richmond. state troopers say multiple shots were fired in the both women died. troopers believe they were targeted and they are asking for help in the investigation. the suspect's vehicle was a newer model white four-doory is dap. >>> right now, north korea says that the mitchell it launched this weekend is a new type of long range ballistic rocket capable of carrying a nuclear warhead. outside experts say they do not believe north korea has the means to do that. you're looking here at file video from a proves test. north korea has re

one goes by the name of malware tech. he noticed every time a virus took over a computer, it pinged back to an unregistered web site. so he registered the web site ter $10. his fellow computer sleuth was watching in michigan, darien huss. >> through that registration of the domain, he activated the kill switch. >> reporter: huss said once an infected computer pinged the newly registered web site, it killed the malware, but he resisted being called a hero. >> it's kind of what i do on day-to-day basis, so for me it was just another day at the office i guess. >> reporter: the head of europol said its investigators are working closely with f.b.i. to identify the culprit, scott, in c least two prominent cyber security firms, including one in the u.s., say they're looking into technical clues that north korea may be behind the attack. >> pelley: charlie d'agata in our london newsroom. charlie, thanks. so what does microsoft have to say? john blackstone picks up the story. >> reporter: at microsoft's campus near seattle, securi

: over the weekend, a cyber security engineer and a british researcher that goes by the handle malware tech stumbled on a way to temporarily limit the spread of the worm. it likely bought precious time for organizations trying to block the attack. betty yu, kpix5 5. >> experts are calling on companies to update software and back up data frequently. in a blog post microsoft says there should be greater cooperation between the government and the private sector on cyber threats. >>> authorities investigating arson as a likely cause of a fire in emeryville over the weekend. it erupted at a construction site on saturday. firefighters say it's dangerous around the area because of all the debris and possible hot spots. over the weekend crews removed a crane that they were worried could melt and fall over. >> whether it would have reached one of the structures joining here here right now, i don't know but it could have fallen and taken other pieces of debris from this with it and ricocheted up into windows and put residents at risk. >> firefighters say they are keeping a close eye on some twisted m

one goes by the name malware tech.noticed every time a virus took over a computer it pinged back to an unregistered website. so he registered the website for about $10. his fellow computer sleuth was watching in michigan, darian huss. >> through that registration of the domain, he activated the kill switch. >> reporter: huss says once an infected computer pinged the newly-registered website, it killed the malware, but he resisted being called a hero. >> their is is kind of what i d a day-to-day basis, so for me it was just another day at the office, i guess. >> reporter: europol is working with the united states government, and two security firms are looking into technical clues that north korea may be behind the attack. >>> microsoft is pointing the finger of blame at the u.s. government for the ransom weare attack. john blackstone has that story. >> reporter: at microsoft's campus near seattle, security experts have known for months about the software vulnerability that made this attack possible. in march, microsoft

said that by registering a domain name that unexpectedly stopped the spread of the malware, the malware tech provented further infections. the attack was a perfect storm. it combined known and highly dangerous holes in microsoft that let it spread quickly inside networks. as brian reports, the software that caused it was once used by the nsa. >> hackers using a microsoft windows flaw to launch what appears to be the largest cyber attack of its kind on friday. the leaked flaw was once used by the u.s. national security agency. hackers exploiting this software to infect computers with ransomware through spam email or attachmentsch a user -- attachments. a user must then pay ransom or lose files. this is one in northern england friday. it's alarming because of the size and speed, hitting more than 70 countries included the u.s., uk, india, spain, china, and russia. it affected all types of industries from fedex in the u.s. to british hospitals, the russian interior ministry, french auto maker renault, and others. many hospitals canceled routine procedures, emergency room procedures were scaled

the engineer goes by the name malware tech online. nbc news has confirmed that his real name is marcus hutchins. he's being haled as a person who saved companies before this was more widely affected. >>> north korea says a new weapon test fired this weekend is capable of reaching the u.s. the country launched what it's calling a medium long rage ballistic rocket. south korea says more analysis is needed. the u.n. security council is set to meet tomorrow. the white house stronger sanctions. >>> a scary crime on one of the busiest highways in our area. two women shot and killed on i-95. happened earlier this morning not far from richmond. one of the women was from manassas. she and one other woman were in the car with five other people. someone pulled up to them and started shooting. troopers believe someone targeted these women. they're asking the public for health. they say the suspect's vehicle was a newer model white four door sedan. >>> more than two weeks that a virginia mother and her 8-month-old baby have been missing. they foun

over the weekend, this 22-year-old british cyber researcher known as malware tech says he found a kill switch for the virus. he along with americans slowed the attack but didn't stop it. the only way to guard against it would be to update your computer software ask avoid strange links. chinese officials have detected a a version 2.0 of this virus. they say it spreads faster is and isn't affected by that kill switch. now some industry experts suggested this may be the work of russian-speaking cyber criminals, intelligence agencies around the world are investigating. they behind it. nbc news, london. >>> now if your computer gets infect ed by a virus, you'll knw it immediately. you'll see a a pop up screen that reads "oops, your important files are encrypted." don't click on the check payment or decrypt button in the pop up message. rather than doing that, you'll want to download the microsoft patch. going to the nbc washington app and a link. >>> one more win and they are in the eastern conference finals. lose and they are out. the wizards are playing a do or die game seven tonight. jus

goes by malware tech online. studying the malware and noticed it was reporting back frequently to a strange web domain and internet address that was unregistered. this person registered it and took control of it and in doing some triggered some sort of kill switch that stopped it from spreading further. so an accidental hero but this person is also saying it would be relatively simple to rewrite the code and effectively relaunch the malware and that that could happen within the next week or so. >> any idea who might be responsible for this, this global cyberattack? >> no, not specifically. this is something going to be investigated at an international level. almost 100 countries effected. tens and tense of thousands of computers around the world. here in britain, the key question is how is this able to happen? how is it able to have such a big effect? particularly on the national health system where some 20% of hospitals and health facilities were impacted by the malware. the british government is saying as you h

cold to malware tech, a group that monitors this sort of thing, the dots on this map show where the so-called cry virus -- that's what they call it -- where it's hit in the last 24 hours. it started this time friday and has been going through the weekend. a lot of people got hit today after the weekend. there it is. bossert does confirm it's hit american issues. fed ex reported issues friday. affected britain's national health services and russian's foreign ministry. now the sun newspaper, which is a corporate cousin of ours, reports that the russian president vladimir putin is blaming the united states government. the hackers used vulnerability from leaked nsa documents. here's a look at what people saw if it hit. a scream demanding payment in bitcoin. it's a digital currency not regulated by any one company. pay hundreds of dollars and you get your file back. trace gallagher with more. trace? >> the way this works, the ransomware that is malicious software is pretty effective exploiting microsoft systems. once clicked on, locks you out and demanding money. sure enough when workers logged on

a 22-year-old cybersecurity blogger known as malware tech may have saved the day by accidently finding kill switch for the virus and slowing it down. he said he was surprised by the virus' lack of sophistication. this ransomware affecting a computer an e-mail and quickly spreads throughout a nation's network encrypting files and demanding $300 in bitcoin to unlock them. it was based on a hole in microsoft's security and then leaked by hackers and this morning that blogger who helped slow down the attack is warning users to update their computers fast. he says it's only a matter of time, willie, before cyberthieves get around that kill switch. willie? >> this is just the kind of attack that they have been dreading for some time. kelly cobiella, thanks. >>> some other stories, new french president emmanuel macron says he'll do everything that he can to fight terrorism and solve the migration crisis. he's the youngest president in france's history. >>> more trouble for united airlines. information aut the cockpit may have been made public but it was not the result of a hack. according to

a 22-year-old cybersecurity blogger known as malware tech, may have saved the day, at least temporarily, by accidentally finding a kill switch for the virus and slowing it down. he said he was surprised by the virus' lack of sophistication. this ransom ware infects a computer through a bad link in an e-mail and quickly spreads throughout an organization's network, locking all the computers, encrypting files, and demanding $300 in bitcoin to unlock them. it was developed based on a hole in microsoft windows security first identified by the nsa, then leaked by hackers. this morning that blogger who helped slow the attack is warning use toers update their computers fast. he said it's only a matter of time before cyber thieves get around that kill switch. >> exactly the kind of attack they've been dreading. kelly, thank. >>> other stories making headlines, new french president emmanuel macron was inaugurated hours ago in paris after his election last week. he said in a speech he'll do everything he can to fight terrorism and help resolve the world's migration crisis. at 39, macron is the yo

the man who goes by the on line name malware tech found the kill switch on friday and was able to preventfects. it affected hospital and computer systems in several countries in an effort to extort money. >>> marine corps looking for a few good men and women. it is now running a new ad that features a woman. the ad was released on friday and the commercial system aimed to highlight women in the marines ton recruit more women. the marine corps has the lowest percentage of women participants among other military services and there are some critics though who say the ad is correct and that women are not equal to men physically. >>> more than 200 cook county jail officers called off work on mother's day forcing the jail to go into lockdown. 32 percent of officers assigned to a 7:00 a.m. to 3:00 p.m. shift called out. last mother's day 420 officers called in sick and for father's day 520 officers called out. >>> one of the stars of the big bang theory got married over the weekend. jim parson married todd spiewak yesterday. the couple had been together for 14 years since they met at a karaoke b

hutchins says he is malware tech spent days in his home at southwest england fighting that crippling virus. he doesn't consider himself a hero. >> they're thanking me saying i'm a hero. i didn't intend for it to blow up and me to be all over the media. i just was doing my job and i don't think i'm a hero at all. >> shannon: the wave of attacks is the biggest on-line ex tortion attempt every recorded. >> bill: we had a lot of warnings monday would be a disaster and it wasn't. we're getting better at identifying what you open and stay away from in your inbox. >> bill: cyber secure researchers say there is a possible link to north korea. is that possible? details on that plus this today. >> it was clearly bipartisan support that jim comey wasn't up to the job. the president has every right to fire a person because he believed director comey lacked the judgment and decision making skills and wasn't up to the job. >> shannon: the new director of the f.b.i., we know one person who will not be replacing james comey. the top lawmaker who has taken his name out of contention. former house int

over the weekend, this 22-year-old british cyber researcher known as malware tech says he accidentally found a kill switch for the virus. >> i was surprised it wasn't as sophisticated as i expected. i expected proper professional-grade code. >> reporter: he, along with american derian huss slowed the attack but couldn't stop it. >> reporter: the only way to guard against it, update your computer software and avoid e-mails with strange links. and this morning, chinese officials say they've detected a new version of this virus that spread more quickly they say they say it isn't affected by that kill switch. experts say they look like it's russian-speaking cyber criminals. investigators say they don't know at this point who's behind it. matt, savannah? >> kelly, thank you very much. nbc news analyst sean henry is a former executive assistant director with the fbi. he is now the chief security officer for the cyber security firm crowdstrike. sean, good to see you, good morning. >> good morning, matt. >> i understand this is complicated because these codes are coming from different sources

we helped to discover there was this kill switch and a gentleman known as malware tech registered thatted? then exactly as kris described, it would have continued to propagate and affected more networks and computers. joseph, tell us what you uncovered last year and how worried people in the nhs should be? so mid last year, i sent freedom of information requests to all of the nhs trusts. 42 said they use windows xp which is clearly an ancient operating system and many of those trusts also said that they do not receive or pay for security updates. that is not to say windows xp was the reason this ransomware was so effective. there is still a lot of stuff which is unclear, but it is certainly indicative of the cyber security stance of a lot of nhs trusts, running outdated and secure software which leaves them totally open to attack. and from today will leave them open to attack and tomorrow and wednesday and so on and tomorrow and wednesday and so on and so forth, until they spend a lot of money on updating their systems, presumably? microsoft released a patch in march but that was only

over the weekend, this 22-year-old british cyberresearcher, known as malware tech says he accidentally found a kill switch for the virus. >> i was surprised it wasn't as sophisticated as i expected. >> reporter: he along with american darion huss slowed the attack, but didn't stop it. >> anybody could modify their code and rerelease it in the wild. >> reporter: the only way to guard against it it, experts say, update your computer software and avoid e-mails with strange links. chinese officials detected a new version of this virus that spreads more quickly, they say. they also say it isn't affected by that kill switch. some industry experts say this looks like the work of russian speaker cybercriminals and intelligence agencies around the world are investigating this. they say they simply don't know at this point who's behind it. matt, savannah? >> kelly, thank you very much. >>> sean henry is a former executive assistant dreirector with the fbi and now chief security officer. sean, good to see you. good morning. >> good morning, matt. >> i understand this is complicated because these

tech world scrambing right now to stop computer virus. this morning, the fear is people returning to work may turn on their computers to find them locked up. the malware 3-600 dollar ransom to unlock your computer. more than two hundred thousand computers in 150 countries have already been hit. the virus was temporarily halted, but it appears there are now more versions. this worm primarily affects computers running older versions of windows. so far this morning, only a few companies are reporting issues in asia, australia and new zealand. do you have to choose between working part-time -- and working 40 hours a week to receive critical benefits? you might not have to anymore.. consumer reporter john matarese shows us some great part-time jobs with real benefits, so you don't waste your money. 0-11 218-229 right now at 5:xx - a tickets to to colonial williamsburg and they could be yours! call the number on your screen right now... 703-528-7334. caller number seven wins! and if today isn't your lucky day don't worry. we'll be giving away tickets every day this week in our five o'clock hour.. return midweek today: mostly sunny. breezy & seasonable. high

malware. congratulations. i know a lot of folks are super grateful of what you have done. do you want to explain to us in n n non-tech one of my colleagues was following the recent incident that was happening yesterday and just kind of asked for my assistance to reverse engineer the sample and so i just plugged in into one of the programs that i use to analyze malware and immediately noticed there was a domain that was hard coated ded the malware and appears that in the malware could reach out to the domain, the infection would halt and that was the case. >> you found the loophole and the off switch that you were able to engage so you saved a lot of people but then there is a lot of people trying to retrieve some of their data and perhaps paying a lot of money, but in your view, how many temporary is this halt or is this a permanent fix? >> this is very temporary. it would not be very complicated for these actors or some other person that's wanting to do a similar attack. it would not be difficult to reimplement the exploit that was used and kind of start the whole chain of events all over again. >> oh gosh, it can h

proceeded to tweet about it and started conversing with other security researchers and that is when malware techat by sequencing that domain that was hard—coded in the malware, they were stopping infections. he has been called an accidental hero, hasn't he? he stopped the spread that those computers that were already infected, it was too late for them? yes, that is correct. unfortunately, many of the computers that were already infected by sequencing the domain that actually doesn't help those computers and many of those computers had all of their files encrypted so really the only way to recover from an attack like that is to either pay the ransom or to restore from a back—up that was previously made of those computers. well, here in the uk, hospitals and doctor's surgeries were disrupted as a result of the hack. the bbc‘s health editor, hugh pym looks into how the cyber attack — affected britain's huge state—run health sector. the news shocked staff and patients alike. the cyber attack shut down key systems. ron grimshaw won't forget it in a hurry. he was in the middle of having an mri scan bu