Soon, after the initial release of the ransomware took place on May 12, 2017, a U.K.-based researcher going by the name of MalwareTech happened to accidentally discover a “kill switch” hardcoded in the malware while trying to analyze the attack. The researcher then registered a domain which the malware seems to ping before infection. This stopped the attack spreading as a worm and acted like a kill switch, thereby instructing the malware to not proceed with the encryption of files, making it inactive. However, the creators behind “WannaCry” have quickly evolved around this domain-based kill switch and altered their code to remove the somewhat bizarre error and restart their ransomware campaign. Security researchers have discovered variants of the Windows malware that either doesn’t have a kill switch, or which ping to a different domain than the one discovered by the researcher. Microsoft had released a software patch (MS17-010) for the security holes on March 14, 2017. Those who applied critical Microsoft Windows patches released in March were protected against this attack, while those who did not are affected, according to the company. Hence, Microsoft has now not only encouraged users to download the fix they released for the vulnerability back in March but also created security patches for several now-unsupported versions of Windows, including Windows XP, Windows 8 and Windows Server 2003. One expects the problem to get worse in this week, as many businesses’ computers might get exposed to unpatched systems making it vulnerable to attack. For those who are not affected, we strongly recommend such users to ensure that their systems are updated with the latest antivirus and anti-malware software along with patches released by Microsoft at the earliest, in order to keep the ransomware attack at bay. Source: Neowin
