WannaCry – New Kill-Switch, New Sinkhole

May 15, 2017

Check Point Threat Intelligence and Research team has just registered a brand new kill-switch domain used by a fresh sample of the WannaCry Ransomware.

In the last few hours we witnessed a stunning hit rate of 1 connection per second.

Registering the domain activated the kill-switch, and these thousands of to-be victims are safe from the ransomware’s damage.

Our research shows that the kill-switch works the same as in earlier versions, and the rest of the code is similar to the older versions.

New kill-switch: ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf[.]com 

MD5: 4287E15AF6191F5CAB1C92FF7BE8DCC3




  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research
February 17, 2020

“The Turkish Rat” Evolved Adwind in a Massive Ongoing Phishing Campaign

  • Check Point Research Publications
August 11, 2017

“The Next WannaCry” Vulnerability is Here

  • Check Point Research Publications
January 11, 2018

‘RubyMiner’ Cryptominer Affects 30% of WW Networks