After finding the reference to this domain in the Trojan’s code, the researcher registered the domain, thus suspending the attack. In the remainder of the day, the domain was addressed tens of thousands of times, which means that tens of thousands of computers were spared.
The attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency Bitcoin in 28 languages.
Bitcoin mining isn’t so much about discovering new bitcoins like a gold miner searches for gold. Bitcoin mining is all about being rewarded for validating the authenticity of pending bitcoin transactions.