Some of earlier analysis has been redacted and rewritten, as more is learned.  The discovery of “kill switch” c:\windows\perfc is technically a “prevention switch” for only a specific server or PC (i.e., not a kill switch that stops the full outbreak) … Corporate users need to get patched up on MS17-010, keep A/V updated, get on modern O/S, eliminate SMB1 protocol completely, etc.   Further evolution of this attack vector with new variants is almost certain in future.

Create a “read-only” file in c:\windows called perfc with no extension.  If malware finds c:\windows\perfc it won’t run on that specific machine. Administrative privileges are required.  The new text file can be created with NOTEPAD and saved as perfc, (remove .txt file extension at the end), then save to c:\windows and finally set attributes as “read-only“.