A second version of the devastating WannaCry ransomware — that does not contain the ‘kill switch’ used by a 22-year-old security analyst to shut down many attacks — has been reportedly released by the hackers, putting more computers at risk.
Costin Raiu, of web security firm Kaspersky Lab, that they had seen versions of the malware which did not contain the domain name used to shut down the initial program.
Hidden in the code was an unregistered web address which the virus would always try to contact when first infecting a computer. If it received a reply, it would shut down, but if not it would carry out the attack.
A 22-year-old security analyst known as MalwareTech, who wishes to remain anonymous, registered the website, unknowingly activating the shutdown process.
However he warned that it would be easy for the hackers to change WannaCry’s code to remove the domain name and it now appears that has happened.
Mr Raiu said: “I can confirm we’ve had versions without the kill switch domain.”
MalwareTech also told Hacker News that they had only stopped one version of WannaCry, which is known by various versions of the name.
“WannaCrypt ransomware was spread normally long before this and will be long after, what we stopped was the SMB worm variant,” he said, referring to the program that affected nearly a fifth of NHS Trusts in England and scores of businesses and government departments around the world.
And in a message on Twitter, he wrote: “Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP.”
He also retweeted a message saying people who were unable to patch their computer could disable Server Message Block version 1 (SMBv1), linking to about how to do this.