If you are following the news, by now you might be aware that a security researcher has activated a “Kill Switch” which apparently stopped the WannaCry ransomware from spreading further.
But it’s not true, neither the threat is over yet.
However, the kill switch has just slowed down the infection rate.
Moreover, multiple security researchers have claimed that more samples of WannaCry are in the wild without ‘kill-switch’ domain connect function, referred as WannaCry 2.0, and still infecting unpatched computers worldwide.
So far, Criminals behind WannaCry Ransomware have received nearly 100 payments from victims, total 15 Bitcoins, equals to USD $26,090.
Once infected, WannaCry also scans for other vulnerable computers connected to the same network, as well scans random hosts on the wider Internet, to spread quickly.
The SMB exploit, currently being used by WannaCry, has been identified as EternalBlue, a collection of hacking tools allegedly created by the NSA and then subsequently dumped by a hacking group calling itself “The Shadow Brokers” over a month ago.
“If NSA had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened,” NSA whistleblower Edward Snowden says.
Kill-Switch for WannaCry? No, It’s not over yet!
We have put together more information about this massive ransomware campaign, explaining how MalwareTech accidentally halted the global spread of WannaCry by registering a domain name hidden in the malware.
The above-mentioned domain is responsible for keeping WannaCry propagating and spreading like a worm, as I previously explained that if the connection to this domain fails, the SMB worm proceeds to infect the system.