WannaCry ransomware loses its kill switch, so watch out

It'll take a lot more than a lucky break to stop the malware that has hit more than 200,000 computers worldwide -- so far.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read
Watch this: Why the WannaCry cyberattack is so bad, and so avoidable

In the same way that bacteria mutate to become resistant to antibiotics, so has the WannaCry virus.

That malware was behind the massive ransomware attack that started Friday, hitting more than 150 countries and 200,000 computers, shutting down hospitals, universities, warehouses and banks.

The attack locked people out of their computers, demanding they pay up to $300 worth of bitcoin apiece or risk losing their important files forever. The attack quickly spread across the world, until a cybersecurity researcher accidentally found a kill switch in the code -- an unregistered domain name that he purchased for $10.69 to halt the WannaCry hack, at least temporarily.

Hackers have since updated the ransomware, this time without the kill switch. New variations of the ransomware have popped up without the Achilles heel and bearing the name Uiwix, according to researchers at Heimdal Security.

WannaCry harks back to an earlier era of computing insecurity, when viruses routinely swept across the internet, causing widespread disruption and spurring desperate fixes that befit their often ominous names: Mydoom, BadTrans, Sobig, Netsky. Ransomware puts a new spin on that threat, and it's a growth industry. Security company Symantec says that ransomware attacks jumped by more than one-third to over 483,800 incidents in 2016.

Over the years, Windows PCs have been the battleground on which these attacks have played out, as hackers have exploited vulnerabilities in what for decades was the mostly widely used operating system. On Sunday, the top legal officer at Windows maker Microsoft criticized governments for stockpiling software flaws and not warning companies, calling the WannaCry attack a "wakeup call."

The new ransomware demands 0.11943 bitcoin, or about $218. It uses all the same exploits as the WannaCry ransomware, including EternalBlue, a vulnerability first discovered by the NSA and leaked by the hacker group Shadow Brokers in April.

"These appear to be 'patched' versions of the original malware, rather than recompiled versions developed by the original authors," said Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint.

He predicted that new, mutated variants of the global virus will continue to pop up at an alarming rate. In the last 14 months, Kalember said, there have been new variants of ransomware every two to three days.

Although Microsoft patched the vulnerability in March, the ransomware preys on older systems, like those at National Health Service hospitals in England, which heavily rely on Windows XP.

Organizations have been urged to update their systems immediately to ensure that they are not affected by the ransomware.

As the ransomware continues to spread, you can follow along on a live tracking map from MalwareTech.

First published May 15 at 8:26 a.m. PT.
Updated 9:05 a.m. PT: Added background information.

Virtual reality 101: CNET tells you everything you need to know about VR.

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.