After finding the reference to this domain in the Trojan’s code, the researcher registered the domain, thus suspending the attack. In the remainder of the day, the domain was addressed tens of thousands of times, which means that tens of thousands of computers were spared.
The attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency Bitcoin in 28 languages.
The hack tricks unsuspecting users into opening infected Word documents which subsequently run malicious macros once the file has been loaded.
By attacking business networks, servers and devices, hackers are accessing secrets and confidential strategies and creating huge losses for the overall economy.