top of page

Hackers de-activating WannaCry ransomware kill switch - Prepare for a new attack now!

On Friday, May 12, the largest ransomware attack ever recorded began breaking headlines. What started with one unwitting computer user in Europe soon spread to more than 200,000 machines worldwide - ultimately affecting Windows computers in over 150 countries, including South Korea, Germany, China, Japan and Britain.

This new strain of ransomware, called WannaCry or WanaCrypt0r 2.0, was unlike anything ever seen before. By convincing someone to open an email attachment with a compressed zip folder, hackers were able to unleash WannaCry to the world. And stopping it seemed nearly impossible.

Thankfully, a young 22-year-old self-taught programmer named Marcus Hutchins discovered a random kill switch discovered in the code. By registering the domain name,, Hutchins was able to effectively halt the distribution of this rapidly-spreading ransomworm. That's because WannaCry was programmed to check this address before infecting a new machine to see if the domain was available.

Now, however, Hutchins is reporting that traffic on the domain is picking up. And based on the activity, he believes that the hackers are trying to find a workaround to this kill switch by overwhelming the domain name with a DDoS attack.

A DDoS attack is when hackers infect millions of internet-connected devices with malware that allows them to be manipulated and formed into a gadget army called a "botnet." These botnets are then used to send simultaneous signals that overwhelm a targeted system. In this case, the target is Hutchins' domain name. But back in October, a DDoS attack was used to shut down the internet for millions of Americans living on the East Coast.

Another attack is coming

This news is alarming because it means that the hackers are actively trying to launch the attack once again. If successful, the next wave could be even worse. That's why, if you haven't already patched your system to fix the flaw WannaCry exploited, you need to do it right now! Here are the steps you need to take to effectively fight back against WannaCry, and other forms of ransomware:

1. Install Microsoft's patch and system updates

WannaCry ransomware exploited a weakness in Windows called "EternalBlue." Microsoft knew of this vulnerability months before the attack and sent a patch for it in a Security Update back in March. We now know that systems running Windows 7 are particularly vulnerable and need to be updated. The specific update you're looking for is MS17-010. To get this patch, simply run a software update on your PC.

To update Windows 10 follow these steps:

1 - On Windows 10, click Start (Windows logo). 2 - Choose Settings. 3 - Select Update & Security. 4 - Then on the Windows Update section, click on Advanced Options. (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.) 5 - Under Advanced Options, just make sure the drop down box is set to Automatic. To update Windows 7 follow these steps: 1 - Click the Start menu button. 2 - Click All Programs. 3 - Scroll through the list and click Windows Update. The Windows Update window will open. 4 - Click Check for Updates. 5 - Click Install Updates. To update other versions of Windows: Unfortunately, some older versions of Windows operating systems are no longer supported and cannot install this Critical Security Update. But, the good news is, Microsoft released an emergency patch specifically for WannaCry since the virus is so wide-spreading. This means, if you are running Windows XP, Windows 8 or Windows Server 2003, you'll need a different patch. Click here to download the available Security Update for these older Windows versions. 2. Backup your data Typically, we'd recommend that you install a strong antivirus software on your computer. But, the truth is, in instances such as this, many antivirus programs fail to catch the virus. It's still best if you have an antivirus installed, however, you also need to backup all of the data on each of your devices. This way, if ransomware hits, you're protected no matter what! Plus, with WannaCry ransomware, experts are saying even if you do pay the ransom there is very little chance you will get your data back which makes backup that much more important. That's why we recommend IDrive because it allows you to backup all of your devices to a single account, and all for around $6 per month. IDrive's Universal Backup covers all of the operating systems including Windows, Mac OS, iOS, Android and Windows Mobile. Plus, you can take advantage of the social media backup tool, and create a safe archive for the posts, photos and videos you've shared on platforms like Instagram and Facebook. And as a Kim Komando listener, you can protect all of your devices at an extremely low cost! Click here to save 50 percent on 1 TB of cloud backup storage. Just be sure to use promo code KIM at checkout! 3. Secure your router Since hackers are attempting a DDoS attack to get around the WannaCry kill-switch, it's probably a good idea to take a few minutes to secure your home Wi-Fi network. First, check to see if your router is outdated or known to have security issues. Next, update your router's firmware. And finally, change your router's password. Beyond that, you need to be smart with your web-connected devices. The steps it takes to secure these devices vary from product to product, so it's a good idea to reach out to each of the manufacturers - but, here's a general place to get started. What to do if already infected If your device has already been infected with ransomware like WannaCry, the most important thing to do is disconnect it from the internet. This will prevent the virus from spreading to other machines on your network. Next, you should report the incident to the authorities so they can try tracking down the person who is responsible. Ransomware attacks should be reported to your local FBI field office. To find your local office click here. You should also file a complaint with the Internet Crime Complaint Center, at, with the following details: 1 - Date of Infection 2 - Ransomware Variant (identified on the ransom page or by the encrypted file extension) 3 - Victim Company Information (industry type, business size, etc.) 4 - How the Infection Occurred (link in email, browsing the internet, etc.) 5 - Requested Ransom Amount 6 - Actor’s Bitcoin Wallet Address (may be listed on the ransom page) 7 - Ransom Amount Paid (if any) 8 - Overall Losses Associated with a Ransomware Infection (including the ransom amount) 9 - Victim Impact Statement Once you've disconnected your computer and reported the attack, it's important that you do not pay the ransom! Giving in to the hacker's demands only rewards the behavior and keeps the scam going. If you've taken the steps mentioned above, you can wipe your gadget and restore it back to the factory settings. This should remove the malware installed on it; however, it will also delete all your files. But, if you've backed up your devices with IDrive, you can easily recover all of your files, photos and documents, and install them on your wiped (or new) device. This is why we say backing up your gadgets is so important. Click here for more information about IDrive, and save 50 percent when you use promo code KIM at checkout!

bottom of page