The WannaCry global ransomware epidemic does not appear to be weakening anytime soon, as security researchers spotted two new variants of the malware just yesterday.

The ransomware was stopped over the weekend by British cyber security researcher MalwareTech, who uncovered a way to create a kill switch within WannaCry.

According to MalwareTech, the ransomware was infecting users because of its connection to an unregistered domain, and the kill switch was hardcoded into the malware in case the author wanted to stop it from spreading. The mechanism involves a very long, illogical domain name that the malware makes a request to, as if it were looking up any website. If the request comes back showing the domain is live, the kill switch kicks in and the malware stops spreading.

MalwareTech implemented the kill switch by registering the domain name, which stopped the spread of the malware and cost him only $10.69. But we’re not out of the woods yet; cyber criminals have already developed two newer versions of the malware without a kill switch built in. While these are said not to have the same impact as the original, it’s important to note that these criminals do not appear to be slowing down.

According to Ryan Kalember, SVP of Cybersecurity at Proofpoint, “These appear to be patched versions of the original malware, rather than recompiled versions developed by the original authors. The first variant, WannaCry 2.0(a), pointed its “kill switch” to a different internet domain—which was also promptly registered and effectively sink-holed, stopping its spread. The second variant, WannaCry 2.0(b), had the kill switch functionality removed, thus enabling it to propagate—but the ransomware payload fails to properly deploy, causing no direct impact to targeted systems.”
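The kill-switch behaviour described above gives defenders a triage signal: any internal host that looks up a kill-switch domain has run the malware, and a failed lookup means the kill switch did not fire for that host. The following is an added example, not code from the article or from NNT; the domain names are placeholders (the article does not give the real ones), the log format is assumed, and a successful DNS answer is used as a stand-in for "the domain is live".

```python
import re
from collections import defaultdict

# Placeholder names: the article does not give the real kill-switch domains.
KILL_SWITCH_DOMAINS = {
    "killswitch-original.example",   # stands in for the original variant's domain
    "killswitch-variant-a.example",  # stands in for the WannaCry 2.0(a) domain
}

# Constructed resolver log lines in an assumed format:
# <timestamp> <client-ip> <queried-name> <response-code>
SAMPLE_LOG = """\
2017-05-15T09:01:12Z 10.0.4.17 www.example.org NOERROR
2017-05-15T09:01:13Z 10.0.4.22 killswitch-original.example NOERROR
2017-05-15T09:02:40Z 10.0.7.5 KillSwitch-Original.example. NXDOMAIN
2017-05-15T09:03:02Z 10.0.7.5 killswitch-variant-a.example NXDOMAIN
2017-05-15T09:03:30Z 10.0.9.80 killswitch-variant-a.example NOERROR
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")


def triage(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: status} for hosts that looked up a kill-switch domain.

    "contained": every lookup resolved, so the malware saw the domain as live.
    "spreading-risk": at least one lookup failed, so the kill switch did not fire.
    """
    failed = defaultdict(bool)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _, client, name, rcode = m.groups()
        name = name.rstrip(".").lower()  # DNS names are case-insensitive
        if name in domains:
            failed[client] |= (rcode != "NOERROR")
    return {ip: "spreading-risk" if bad else "contained"
            for ip, bad in failed.items()}


if __name__ == "__main__":
    for ip, status in sorted(triage(SAMPLE_LOG).items()):
        print(ip, status)
```

Every host this reports needs remediation whatever its status, and a variant with the kill switch removed, such as WannaCry 2.0(b), makes no such lookup and will not appear here.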

Europol has confirmed that this threat is still ongoing and the number of infections will continue to grow, as more than 200,000 victims in 150 countries have been infected already.

At times like this, it’s worth noting the importance of covering the basics of security and adopting existing, known best practice. NNT recommends the CIS critical controls as a basis for sound cyber security. NNT also has several Ransomware Mitigation Kits, comprising the necessary automated vulnerability checks and also the Group Policy/Puppet templates to automatically fix any weaknesses identified.


Read this article on InfoSecurity Magazine




Copyright 2017, New Net Technologies Ltd. All rights reserved. 