A second wave of global infections caused by hackers in a global ransomware attack has been halted. The hackers responsible for the cyber attack, unprecedented in its global scale, demanded ransom be sent to three bitcoin addresses. So far they have amassed the equivalent of over $42,000 in ransom. But a new ”kill switch” by Matthieu Suiche, the founder of cybersecurity startup Comae Technologies, has prevented about 10,000 infected machines from propagating the ransomware since it was flipped roughly 24 hours ago.
The WannaCry ransomware was originally halted by the UK cybersecurity researcher who goes by the name MalwareTech. He “accidentally” stopped the rapidly spreading infection by registering a domain name (9iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) that he found in WannaCry’s code, without knowing what its effect would be. The domain turned out to be a kill switch left in the code to stop the ransomware’s propagation. (The act of registering the domain name halted the malware’s spread.)
After the initial WannaCry kill switch was found, researchers predicted that variants would soon appear that were harder to stop. Suiches analyzed two new variants that appeared yesterday, and found that one of them contained a similar kill switch mechanism, but using a different domain name (ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com). He registered the new domain about 20 hours ago, and infection rates have plummeted.
The number of active, infected, machines overall is down to the hundreds now, from about 200,000 machines just two days ago, according to data collected by MalwareTech. In the chart below, “online” indicates whether a machine is still connected to the internet and capable of spreading the malware:
The worst is not quite over. Yet more variants will appear, and large organizations must scramble to install a fix released by Microsoft to prevent further infections and propagation. Until those variants crop up, as Suiche observed, just two domain names stand between the world and total anarchy on the internet.