Joon Ian Wong | Quartz | May 15, 2017 | 0 Comments

Just 2 Domain Names Now Stand Between the World and Global Ransomware Chaos

Virgiliu Obada/

A second wave of global infections caused by hackers in a global ransomware attack has been halted. The hackers responsible for the cyberattack, unprecedented in its global scale, demanded ransom be sent to three bitcoin addresses. So far, they have amassed the equivalent of over $42,000 in ransom. But a new “kill switch” by Matthieu Suiche, the founder of cybersecurity startup Comae Technologies, has prevented about 10,000 infected machines from propagating the ransomware since it was flipped roughly 24 hours ago.

The WannaCry ransomware was originally halted by the U.K. cybersecurity researcher who goes by the name MalwareTech. He “accidentally” stopped the rapidly spreading infection by registering a domain name ( he found in WannaCry’s code, without knowing what its effect would be. The domain turned out to be a kill switch left in the code to stop the ransomware’s propagation. (The act of registering the domain name halted the malware’s spread.)

After the initial WannaCry kill switch was found, researchers predicted variants would soon appear that were harder to stop. Suiches analyzed two new variants that appeared yesterday, and found one of them contained a similar kill switch mechanism, but using a different domain name ( He registered the new domain about 20 hours ago, and infection rates have plummeted.

The number of active, infected, machines overall is down to the hundreds now, from about 200,000 machines just two days ago, according to data collected by MalwareTech. In the chart below, “online” indicates whether a machine is still connected to the internet and capable of spreading the malware:

The worst is not quite over. Yet, more variants will appear, and large organizations must scramble to install a fix released by Microsoft to prevent further infections and propagation. Until those variants crop up, as Suiche observed, just two domain names stand between the world and total anarchy on the internet.


Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.