A version of the WannaCry ransomware which does not have a “kill switch” has been found, Motherboard reported.

The WannaCry ransomware had spread around the globe, infecting Windows PCs and locking out their users.

WannaCry exploited a vulnerability in Windows revealed by the “Shadow Brokers”. This came after they claimed they hacked Equation Group, a government hacking group believed to be in the NSA, and discovered the exploit.

Microsoft patched the vulnerability (MS17-010) which WannaCry exploits in March 2017, but many users did not update their systems.

Machines infected included those at UK hospitals, prompting Microsoft to release a free patch for Windows XP and versions of Windows in their end-of-life.

 

WannaCry kill switch

A security researcher announced on Friday they had inadvertently triggered a kill switch for the ransomware.

WannaCry queries a domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, according to Cisco’s Talos Intelligence), and when this domain is live the ransomware stops spreading.

Costin Raiu, director of global research at Kaspersky Lab, told Motherboard that he has now seen samples of the ransomware without the kill switch.

However, the new versions of WannaCry do not spread in the same way as the original version – meaning it does not pose the same threat.

WannaCry