The WannaCry global ransomware epidemic does not appear to be weakening anytime soon, as security researchers spotted two new variants of the malware just yesterday.

The ransomware was stopped over the weekend thanks to British cybersecurity researcher, MalwareTech, when he uncovered a way to create a kill switch within WannaCry.

According to MalwareTech, the ransomware was infecting users because of its connection to an unregistered domain and the kill switch was hardcoded into the malware in case the author wanted to stop it from spreading. This involved a very long, illogical domain name that the malware makes a request to as if it was looking up any website. If the request comes back showing the domain is live then the kill switch kicks in and the malware quits spreading.

MalwareTech implemented the kill switch by registering the domain name and stopping the spread of the malware, costing him only $10.69 to do so. But we’re not out of the woods yet; cybercriminals have already developed two newer versions of the malware without a kill switch built in. While these are said to not have the same impact as the original, it’s important to note that these criminals do not appear to be slowing down.

According to Ryan Kalember, SVP of Cybersecurity at Proofpoint, “These appear to be patched versions of the original malware, rather than recompiled versions developed by the original authors. The first variant, WannaCry 2.0(a), pointed its “kill switch” to a different internet domain—which was also promptly registered and effectively sink-holed, stopping its spread. The second variant, WannaCry 2.0(b), had the kill switch functionality removed, thus enabling it to propagate—but the ransomware payload fails to properly deploy, causing no direct impact to targeted systems.”

Europol has confirmed that this threat is still ongoing and the number of infections will continue to grow, as more than 200,000 victims in 150 countries have been infected already.

At times like this, it’s worth noting the importance of covering the basics of security and adopting existing, known best practice. NNT recommends the CIS critical controls as a basis for sound cybersecurity. NNT also has several Ransomware Mitigation Kits, comprising the necessary automated vulnerability checks and also the Group Policy/Puppet templates to automatically fix any weaknesses identified. To learn more or to request your own personalized ransomware mitigation kit, click here


Read this article on InfoSecurity Magazine




The Most Powerful & Reliable Cybersecurity Products
Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2021, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.