Park worked under titles of “developer” and “online game developer,” listing the ability to code in Java, JSP, PHP, Flash, but also Visual C++, the language in which most Lazarus Group malware was written in.
After finding the reference to this domain in the Trojan’s code, the researcher registered the domain, thus suspending the attack. In the remainder of the day, the domain was addressed tens of thousands of times, which means that tens of thousands of computers were spared.
Unfortunately, there is currently no way to decrypt files that have been encrypted by WannaCry, however there are researchers right now totally dedicated to this kind of cyber threat.
The attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency Bitcoin in 28 languages.