WannaCry ransomware is still spreading fast, but ‘kill switch’ defenses hold for now

The WannaCry ransomware sweeping the world hasn’t stopped its progress, but quick action by cybersecurity professionals has at least partially limited the damage it does as it goes.

Over the weekend a “kill switch” was discovered by accident. It doesn’t stop the malware from spreading, but it at least prevents the malware from activating the code that encrypts and ransoms your data.

Researchers at Check Point spotted a new variant of WannaCry that used a different kill switch domain (the malware pings the domain and, if it finds the domain isn’t registered, activates the ransomware; for more details, check out the original post on this behavior). Of course they immediately registered it, preventing the new, mutant malware from activating.

A side benefit of doing so is that the researchers get a ping whenever the ransomware infects a new computer, and in a blog post they revealed that a new infection was popping up every second.
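The same signal is available to defenders on their own network: a machine that looks up the kill-switch domain is infected, even though its files were not encrypted. The sketch below is an added example, not code from this article or from Check Point; it scans dnsmasq-style query-log lines for such lookups. The domain is a placeholder (the article does not name it), the log lines are constructed, and it assumes the malware's check appears as a DNS query in the local resolver's log.

```python
import re
from collections import defaultdict

# Assumption: placeholder only; the article does not give the real domain.
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example"}

# dnsmasq query-log line: "<ts> dnsmasq[pid]: query[TYPE] <name> from <client>"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def find_infected_hosts(lines, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: (lookup_count, first_seen)} for kill-switch lookups."""
    wanted = {normalize(d) for d in domains}
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # "forwarded"/"reply" lines carry no client address
        # Exact match only: a longer name that merely contains the domain is ignored.
        if normalize(m["name"]) in wanted:
            hits[m["client"]].append(m["ts"])
    return {client: (len(ts), ts[0]) for client, ts in hits.items()}

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
May 15 09:12:01 dnsmasq[811]: query[A] www.example.org from 10.0.4.17
May 15 09:12:03 dnsmasq[811]: query[A] KillSwitch-Placeholder.example. from 10.0.4.22
May 15 09:12:03 dnsmasq[811]: forwarded killswitch-placeholder.example to 192.0.2.53
May 15 09:12:04 dnsmasq[811]: reply killswitch-placeholder.example is 192.0.2.80
May 15 09:13:40 dnsmasq[811]: query[A] killswitch-placeholder.example from 10.0.4.22
May 15 09:15:10 dnsmasq[811]: query[AAAA] killswitch-placeholder.example from 10.0.4.31
May 15 09:15:12 dnsmasq[811]: query[A] notkillswitch-placeholder.example from 10.0.4.40
""".splitlines()

if __name__ == "__main__":
    for client, (count, first) in sorted(find_infected_hosts(SAMPLE_LOG).items()):
        print(f"{client}: {count} lookup(s), first seen {first} -> isolate and patch")
```

Each flagged host still carries the worm and can keep spreading it, so a hit here is a cue to isolate and patch the machine, not a sign that it is safe.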

Although those computers won’t have their data ransomed, it’s not difficult to create a new variant (or 10) that may infect at a similar rate using kill switches that haven’t been activated — if they include kill switches at all.

The only real solution here is for vulnerable machines to be inoculated. Considering Microsoft took the rare step of issuing a patch for old, unsupported versions of Windows that are nevertheless found in the wild, there’s no excuse for not doing so.