Odds and Ends 

WannaCry ransomware is still spreading fast, but kill switch defenses hold for now

The WannaCry ransomware sweeping the world hasnt stopped its progress, but quick action by cybersecurity professionals has at least partially limited the damage it does as it goes.

Over the weekend a kill switch was discovered by accident, which doesnt stop the malware from spreading, but at least prevents it from activating the code that encrypts and ransoms your data.

Researchers at Check Point spotted a new variant of WannaCry that used a different kill switch domain (it pings it and if it finds it isnt registered, it activates the ransomware; for more details, check out the original post on this behavior). Of course they immediately registered it, preventing the new, mutant malware from activating.

A side benefit of doing so is that the researchers get a ping whenever the ransomware infects a new computer, and in a blog post they revealed that a new infection was popping up every second.

Although those computers wont have their data ransomed, its not difficult to create a new variant (or 10) that may infect at a similar rate using kill switches that havent been activated if they include kill switches at all.

The only real solution here is for vulnerable machines to be inoculated. Considering Microsoft took the rare step of issuing a patch for old, unsupported versions of Windows that are nevertheless found in the wild, theres no excuse for not doing so.

Read more: https://techcrunch.com/2017/05/15/wannacry-ransomware-is-still-spreading-fast-but-kill-switch-defenses-hold-for-now/

Related posts