The WannaCry global ransomware epidemic does not appear to be weakening anytime soon, as security researchers spotted two new variants of the malware just yesterday.

The ransomware was stopped over the weekend thanks to British cybersecurity researcher, MalwareTech, when he uncovered a way to create a kill switch within WannaCry.

According to MalwareTech, the ransomware was infecting users because of its connection to an unregistered domain and the kill switch was hardcoded into the malware in case the author wanted to stop it from spreading. This involved a very long, illogical domain name that the malware makes a request to as if it was looking up any website. If the request comes back showing the domain is live then the kill switch kicks in and the malware quits spreading.

MalwareTech implemented the kill switch by registering the domain name and stopping the spread of the malware, costing him only $10.69 to do so. But we’re not out of the woods yet; cybercriminals have already developed two newer versions of the malware without a kill switch built in. While these are said to not have the same impact as the original, it’s important to note that these criminals do not appear to be slowing down.

According to Ryan Kalember, SVP of Cybersecurity at Proofpoint, “These appear to be patched versions of the original malware, rather than recompiled versions developed by the original authors. The first variant, WannaCry 2.0(a), pointed its “kill switch” to a different internet domain—which was also promptly registered and effectively sink-holed, stopping its spread. The second variant, WannaCry 2.0(b), had the kill switch functionality removed, thus enabling it to propagate—but the ransomware payload fails to properly deploy, causing no direct impact to targeted systems.”

Europol has confirmed that this threat is still ongoing and the number of infections will continue to grow, as more than 200,000 victims in 150 countries have been infected already.

At times like this, it’s worth noting the importance of covering the basics of security and adopting existing, known best practice. NNT recommends the CIS critical controls as a basis for sound cybersecurity. NNT also has several Ransomware Mitigation Kits, comprising the necessary automated vulnerability checks and also the Group Policy/Puppet templates to automatically fix any weaknesses identified. To learn more or to request your own personalized ransomware mitigation kit, click here


Read this article on InfoSecurity Magazine




The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.