The scumbags behind the release of WannaCry ransomware hit again with WannaCry 2.0; this time around, specialists managed to cut their new venture short quickly.
Just like the first ransomware wave, the second one had a built-in “kill switch” that was triggered by a query to a domain.
How the thwarting works: if the domain exists, that indicates to the malware that it is being sandboxed, and it aborts its mission; hence the choice of seemingly “random” letters.
The new domain is another string of “junk letters”: ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
The domain was registered at GoDaddy by the same security expert, and its registered status ruins the cybercriminals’ plans for more blood money.
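Because the malware looks up the kill-switch domain when it runs, resolver logs can show which internal hosts executed it even where the kill switch stopped it. The following is an added example, not part of the original post, that scans DNS query logs for the domain; the dnsmasq-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Kill-switch domain quoted in the post above.
KILL_SWITCH = "ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Assumed log format: dnsmasq-style "query[TYPE] name from client" lines.
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

def normalize(name):
    """Lower-case and drop the trailing root dot so FQDN forms compare equal."""
    return name.lower().rstrip(".")

def hosts_querying_kill_switch(lines, domain=KILL_SWITCH):
    """Return {client_ip: query_count} for clients that looked up the domain."""
    target = normalize(domain)
    hits = defaultdict(int)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (replies, cache entries, noise)
        name = normalize(m.group("name"))
        # Exact match or a true subdomain; a longer look-alike label must not match.
        if name == target or name.endswith("." + target):
            hits[m.group("client")] += 1
    return dict(hits)

# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = """\
May 15 09:14:02 gw dnsmasq[811]: query[A] www.example.org from 10.0.0.21
May 15 09:14:07 gw dnsmasq[811]: query[A] ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.37
May 15 09:14:07 gw dnsmasq[811]: reply ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com is 192.0.2.10
May 15 09:15:30 gw dnsmasq[811]: query[A] IFFERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. from 10.0.0.37
May 15 09:16:11 gw dnsmasq[811]: query[AAAA] ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.52
May 15 09:17:45 gw dnsmasq[811]: query[A] notifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.21
""".splitlines()

if __name__ == "__main__":
    for client, count in sorted(hosts_querying_kill_switch(SAMPLE_LOG).items()):
        print(f"{client} queried the kill-switch domain {count} time(s): triage this host")
```

A hit means the host needs triage and patching; the lookup succeeding only means the ransomware aborted on that run.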
So far, more than $14,000 has been paid in extortion payments by 63 victims. That’s more than double the $6,300 total from two days ago.
Let’s hope that the FBI and USCYBERCOM make some arrests soon and put those scumbags behind bars for a long time.