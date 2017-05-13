

 



Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch (vice.com) 21

Posted by EditorDavid from the wanna-cry-more? dept.
Remember that "kill switch" which shut down the WannaCry ransomware? An anonymous reader quotes Motherboard: Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. "I can confirm we've had versions without the kill switch domain connect since yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday... Another researcher confirmed they have seen samples of the malware without the killswitch.


  • It was only a matter of time... (Score:3)

    by toonces33 ( 841696 ) on Saturday May 13, 2017 @07:02PM (#54412051)

    The person who found the previous "kill switch" believes that it was actually an anti-sandboxing feature, not a kill switch.

    • Can I have a link to where you saw this, please?

      • https://www.malwaretech.com/20... [malwaretech.com]

        The reason which was suggested is that the domain is a “kill switch” in case something goes wrong, but I now believe it to be a badly thought out anti-analysis.

        In certain sandbox environments traffic is intercepted by replying to all URL lookups with an IP address belonging to the sandbox rather than the real IP address the URL points to, a side effect of this is if an unregistered domain is queried it will respond as if it were registered (which should never h
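
The sandbox behaviour described in the quoted post can be checked from the sandbox operator's side. The following is an added example, not code from the original post or from MalwareTech: it resolves random hostnames that should not exist and reports whether the analysis network answers them anyway. The function names and the constructed resolvers are assumptions made for illustration.

```python
import secrets
import socket
from collections import Counter

def random_probe_names(count=5, tld="com"):
    """Long random hostnames that are overwhelmingly unlikely to be registered."""
    return [f"{secrets.token_hex(16)}.{tld}" for _ in range(count)]

def system_resolver(name):
    """Resolve through the OS resolver; an empty set means the lookup failed."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def audit_dns_fidelity(resolver=system_resolver, names=None):
    """Classify how the analysis network treats lookups for nonexistent domains.

    faithful  - every probe failed, as it would on the real internet
    catch-all - one address answered every probe (simulated DNS)
    partial   - some probes resolved, but no single address covers them all
    """
    names = names or random_probe_names()
    answered = {n: addrs for n in names if (addrs := resolver(n))}
    counts = Counter(ip for addrs in answered.values() for ip in addrs)
    catch_all = sorted(ip for ip, seen in counts.items() if seen == len(names))
    if not answered:
        verdict = "faithful"
    elif catch_all:
        verdict = "catch-all"
    else:
        verdict = "partial"
    return {"verdict": verdict, "answered": sorted(answered),
            "catch_all_ips": catch_all}

# Constructed resolvers standing in for two sandbox network configurations.
def faithful_resolver(name):
    return set()              # behaves like real DNS: NXDOMAIN for unknown names

def sinkhole_resolver(name):
    return {"10.0.0.53"}      # constructed sandbox address returned for everything

if __name__ == "__main__":
    print(audit_dns_fidelity(faithful_resolver))
    print(audit_dns_fidelity(sinkhole_resolver))
```

Calling `audit_dns_fidelity()` with no arguments inside the analysis VM uses the OS resolver; a "catch-all" verdict means samples can tell the environment apart from a real network.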

  • Let's hope that this person is doing this for awareness, and hopefully he makes his point. Or else sorry you put a critical on the internet without knowledge of how the internet works.

  • Is really going to hurt then.. I doubt the world has had time to patch everything...

    • Maybe some are patched. Some are taken offline or air-gapped until patched. Some might have SMB turned off or blocked by the firewall. IT departments will be specifically watching for TOR connections, and might actually try blocking them. Yeah, there will be some new infections. But the first wave gave people a wake-up-call that this one was serious.

  • I've tried everything to get this to run on my Linux Mint box (including installing WINE) and it just won't do anything.

  • Even though my main machine is a Mac, and my Boot Camp and Windows secondary machine are on Win10 and fully patched, and my Synology NAS has SMBv1 disabled, I may as well disable SMBv1 across the whole fleet.

    God have mercy on all morons who are still running unpatched machines...
