He bought this domain name, activating it. And it was the signal for the virus to stop spreading itself because the malware had included a “kill switch” – a way of stopping. It was simple and unexpected. . Ha – ha ! The researcher even had not idea about what will happen activating that domain. MalwareTech decided spent $10.69 (£8) claiming the web address. Another hypothesis was that it was not a kill switch, but a way of detecting whether the malware was being run on a “virtual machine”, a secured, disposable environment that researchers use to inspect viruses. The researcher has been called an “accidental hero.” However, any files that were scrambled by the ransomware will still be held to ransom. “There’s a lot of money in this, there is no reason for them to stop. It’s not much effort for them to change the code and start over,” MalwareTech said.