Monday is going to suck for some folks\u2014those who run old, unsupported Windows systems that are vulnerable to WannaCry ransomware if they didn\u2019t put in some weekend time applying security updates.In response to the massive global ransomware attack on Friday, Microsoft took the \u201chighly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.\u201d Europol chief Rob Wainwright told the BBC, \u201cCompanies need to make sure they have updated their systems and \u2018patched where they should\u2019 before staff arrived for work on Monday morning.\u201dYes, it\u2019s true that a security researcher going by MalwareTech activated a \u201ckill switch\u201d by registering a domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) that WannaCry checked to make sure was unregistered before starting to encrypt files. Experts suggested the ransomware authors could simply change domains so WannaCry would work again and keep spreading. MalwareTech warned:Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP.\u2014 MalwareTech (@MalwareTechBlog) May 14, 2017Sure enough, a different variant of the ransomware was coded to contact a different domain. Fortunately, security researchers @benkow_ spotted the domain and Matthieu Suiche registered the kill switch Sunday. Suiche added:I highly suspect there are multiple variants in the wild with multiple kill switches! #WannaCry Good news is: there are still kill switches!MalwareTech confirmed the \u201cnew kill switch\u201d had been transferred to his sinkhole.On Sunday, Suiche warned, \u201cUntil people update and upgrade their operating systems, they are still at threat. The fact I registered the new kill-switch is only a temporarily relief which does not resolve the real issue, which is that people are running out-of-support Operating Systems.\u201dIt is puzzling as to why a new version would still contain a kill switch, since the WannaCry outbreak reportedly infected between Avast\u2019s count of 126,000 machines in 104 countries and Europol\u2019s count of more than 200,000 victims in 150 countries, yet the ransomware author(s) had extorted relatively little money.As of 11 a.m. ET on Sunday, May 14, the three Bitcoin wallets receiving ransomware payments from the first version of WannaCry had received 8.78 ( \u2248 $15,837.8), 6.00 (\u2248 $10,823.1) and 4.33 (\u2248 $7,810.67) total Bitcoin payments. In total, the three wallets accumulated 19.11 BTC or \u2248 $34,471.57. Demanded ransom amounts started at $300 before being raised to $600.MalwareTech told the BBC, \u201cThere\u2019s a lot of money in this. There\u2019s no reason for them to stop. It\u2019s not really much effort for them to change the code and then start over. So there\u2019s a good chance they are going to do it \u2026 maybe not this weekend, but quite likely on Monday morning.\u201dEuropol is reportedly working with the FBI to hunt down those responsible for the Wanna Decryptor. They suspect "more than one person" to be involved in the ransomware attacks.No kill switch variants of WannaCry ransomwareBut don\u2019t go feeling \u201csafe\u201d because there are also WannaCry variants that have no kill switches. Costin Raiu, director of global research and analysis at Kasperksy Lab, told Motherboard on Saturday, \u201cI can confirm we\u2019ve had versions without the kill switch domain connect since yesterday.\u201dA patched (non-recompiled) variant with *NO* kill-switch is out there too. Patched jump and zeroed the URL. See screenshots below. #WannaCry pic.twitter.com\/RliIRigXwH\u2014 Matthieu Suiche (@msuiche) May 14, 2017You can be mad at the NSA if you want to or the Shadow Brokers, which released the NSA hacking tools, or even the group behind WannaCry for finding a way to leverage the suspected NSA hacking tools in their ransomware code, but don\u2019t expect this to be the last time those exploits will be used. As Proofpoint security researcher Darien Huss told the BBC, \u201cI highly suspect that, with the amount of coverage that this incident is getting, there are probably already people that are working to incorporate the exploit that was used for spreading.\u201dThe best thing you can do if you are running versions of Windows that no longer receive mainstream support is to take advantage of Microsoft\u2019s offer of out-of-bound security fixes and patch now.Microsoft said, \u201cThis decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.\u201dPlenty of people have covered the huge range of victims, such as FedEx, hospitals, telecoms, banks and more. You can check out the live WannaCry (WannaCrypt) map showing infection attempts in real time. I\u2019m warning you that it\u2019s mesmerizing, so don\u2019t go into a trance if you need to be patching.Let\u2019s hope on Monday that the live map doesn\u2019t resemble the one from Friday.