
WannaCrypt ransomware has resumed spreading - rbanffy
https://motherboard.vice.com/en_us/article/round-two-wannacry-ransomware-that-struck-the-globe-is-back
======
skamoen
There seems to be a lot of confusion about versions without killswitches. This
guy says he made a mistake:
[https://twitter.com/craiu/status/863718940870139904](https://twitter.com/craiu/status/863718940870139904)

~~~
viraptor
Interesting for context:

[https://twitter.com/marksteward/status/863747839117201409](https://twitter.com/marksteward/status/863747839117201409)

New domains are just trivial modifications of the old one. Still hardcoded.
That's unlikely to be a new version, but rather people playing around.

------
emersonrsantos
This guy just found a new kill switch and registered the domain already:

[https://twitter.com/msuiche](https://twitter.com/msuiche)

He's talking about versions with nop'ed kill switches.

EDIT: not nop, but with a jnz +2, still similar to a nop-nop.

------
ivanbakel
Was only a matter of time. What's it doing to detect anti-virus sandboxing
now, if that was the original purpose of the fixed domain?

