Hackers that uses tools allegedly stolen from the NSA and uses it set a
ransomware do not make mistakes.
The fact that one have noticed that WannaCry ransomware had a turnoff switch, I assume that it was deliberately planned like that. Waiting to see if and when someone will reverse engineer the code to find it. Why? I can just guess that they wanted to see how fast one will "catch" them, or better, to understand how they need to react to make it more sophisticated.
So they did. I have learned today that WannaCry 2.0 is out there without the kill switch, so it is on the loose again.
According to officials that ransomware has affected some 75000 PCs in just 24hrs, that is 22,500,000$ reasons why to try and improve it. You got it right, the profit potential after 24 hours were twenty-two million US dollars (paid with untraceable Bitcoin). How many paid? No one knows...
when it will end? for sure the epidemic infection will be reduced once IT organizations will patch and block the SMB protocol in their networks, as it carried this virus.