On 15/05/17 10:25, Paul Bolger wrote: > The next one will have the kill switch encrypted. I think it was discovered by watching the network traffic from an infected computer - the investigator would have noticed the DNS lookup requests for the magic domain. You can't encrypt that. Hamish