Expert warns new versions of ransomware software that crippled UK hospitals are already being written without a kill switch

  • Hospitals braced for mayhem following the crippling WannaCry Ransomware cyber attack.
  • Fears cars, energy networks and medical devices like heart monitors could be hit.
  • NHS staff in some parts of the UK have even been told not to switch on their PCs.
  • Patients warned not to go to their GP surgery unless it is absolutely necessary.
  • 22-year-old Briton prevented more than 100,000 PCs being infected.
  • NHS sent a ‘patch’ which could have protected them from the hack two weeks ago.
  • 225,000 victims in 150 countries have been hit in the biggest hack ever launched.
  • Hackers paid around $54,000 (£41,795) in ransom money since launch day of the attack.



A second version of the devastating WannaCry ransomware – that does not contain the “kill switch” used by a 22-year-old security analyst to shut down many attacks – is set to be released by the hackers, putting more computers at risk.

Costin Raiu, of web security firm Kaspersky Lab, told Hacker News that they had already seen versions of the malware that did not contain the website domain name used to shut down the program, but he later backtracked, saying “my bad” and that this was not actually the case.

However, experts warned it was likely only a matter of time before this did happen and urged people to install a security patch released especially by Microsoft.

Hidden in the code was an unregistered web address, which the virus would always try to contact when first infecting a computer. If it received a reply, it would shut down, but if not it would carry out the attack.

A 22-year-old security analyst known as MalwareTech, who wishes to remain anonymous, registered the website, unknowingly activating the shutdown process.

However, he warned that it would be easy for the hackers to change the coding in a “worm” used to infect computers with WannaCry to remove the domain name.

MalwareTech also told Hacker News that they had only stopped one version of WannaCry, which is known by various versions of the name.

“WannaCry ransomware was spread normally long before this and will be long after, what we stopped was the SMB worm variant,” he said, referring to the program that affected nearly a fifth of NHS Trusts in England and scores of businesses and government departments around the world.

And in a message on Twitter, he wrote: “Version 1 of WannaCry was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP.”

He also retweeted a message saying people who were unable to patch their computer could disable Server Message Block version 1 (SMBv1), linking to Microsoft’s instructions about how to do this.
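Because the virus always tries to contact the hidden web address when it first infects a computer, a machine that looks up that address is a candidate infection worth isolating and patching. The following is an added example, not code from the article or from MalwareTech, that scans a DNS query log for such lookups; the domain is a placeholder because the article does not give it, and the log format and sample rows are constructed.

```python
import csv
import io

# Placeholder: the real kill-switch domain is not given in the article.
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example"}

# Constructed sample of a DNS query log: timestamp, client IP, queried name.
SAMPLE_LOG = """\
2017-05-12T09:14:02Z,10.0.4.17,www.bbc.co.uk
2017-05-12T09:14:05Z,10.0.4.22,KillSwitch-Placeholder.example.
2017-05-12T09:14:09Z,10.0.4.17,update.microsoft.com
2017-05-12T09:15:41Z,10.0.7.80,killswitch-placeholder.example
2017-05-12T09:16:03Z,10.0.4.22,killswitch-placeholder.example
malformed line without enough fields
2017-05-12T09:17:30Z,10.0.9.3,notkillswitch-placeholder.example
"""


def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def find_kill_switch_lookups(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: {"first_seen": ts, "count": n}} for hosts that
    queried a kill-switch domain; malformed rows are skipped."""
    watched = {normalise(d) for d in domains}
    hits = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue
        ts, client, qname = (field.strip() for field in row)
        if normalise(qname) not in watched:
            continue  # exact match only, so look-alike names do not fire
        entry = hits.setdefault(client, {"first_seen": ts, "count": 0})
        # Timestamps share one ISO 8601 format, so string order is time order.
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["count"] += 1
    return hits


if __name__ == "__main__":
    for client, info in sorted(find_kill_switch_lookups(SAMPLE_LOG).items()):
        print(f"{client}: first lookup {info['first_seen']}, "
              f"{info['count']} lookup(s); isolate and check patch state")
```

A lookup only shows that something on the host resolved the name, so treat each hit as a lead to confirm on the machine itself.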
