Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch (vice.com)
Remember that "kill switch" which shut down the WannaCry ransomware? An anonymous reader quotes Motherboard:
Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. "I can confirm we've had versions without the kill switch domain connect since yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday... Another researcher confirmed they have seen samples of the malware without the killswitch.
The person who found the previous "kill switch" believes that it was actually an anti-sandboxing feature, not a kill switch.
What does it say about the NSA, if a lone security researcher finds and activates a kill switch before they do?
So they can snoop on and store an entire nation's web traffic and email, but they can't analyse a small piece of malware, notice it queries some domain name, and then discover (in a test environment) that the existence of the domain stops the malware from propagating? And then activate the domain to give the world a few hours' respite?
Sure, now there's a new version without a kill switch, but the brief respite will have given millions of people the opportunity to secure their machines. It seems a pretty pathetic state of affairs when the NSA pours vast sums of money into nefarious snooping, yet can't keep pace with a single security researcher when it comes to *actually* helping keep the nation secure.
Same goes for other countries' intelligence agencies, e.g. GCHQ.
perl -e 'fork||print for split//,"hahahaha"'