top of page
Security Operations Team

WCRY Killswitch Engaged, Killswitch Removed


In case you haven't been following the recent news a new variant of malware known as WCRY has been causing havoc in several countries with limited exposure so far in the US. What is interesting is that the author of the malware included a killswitch that was activated by a security researcher as soon as he identified it. This slowed the initial infection but has since been removed with additional samples being spotted that do not require the domain that was sinkholed to infect victims.

So hats off to MalwareTech for the quick thinking that slowed the initial issue. The NSA and FBI are currently working to identify the actors involved with this attack that has affected over 170,000 computers so far and growing quickly. Roughly 100 new computers are being infected every minute which is by far more than any other recent botnet that we have observed.

Jigsaw Security is tracking hosted copies of WannaCry WCRY variants

So even though the killswitch was activated slowing the initial attack it has since been removed and new variants are being seen.

Read our previous post here.

Jigsaw Customers have been protected against this attack since February 2017 based on indicators we already had in our endpoint protection.

Reference: Below is a really good explanation on the current situation

18 views0 comments

Recent Posts

See All
bottom of page