Pages:
Author

Topic: Monitoring WannaCry hackers' bitcoin addresses in real time - page 3. (Read 22954 times)

legendary
Activity: 1878
Merit: 1038
Telegram: https://t.me/eckmar
Btw, here are some funny transactions made to the wannacry addresses

1) https://blockchain.info/tx/4dcf70c864172869c0950e4e24b9f1a7ff410417411a2a2d0ede85b6281b5a67
    Someone sent 0.00006 btc from an address starting with 1FuckYou....
2) https://blockchain.info/tx/96015c757e440554005965b97349234dcae8d4c0f8cc3410a0743cbcc9bacd6c
    Look at this transactions' sender's addresses, they seem to send a message to the hackers :
    "1You....
     1Are....
     1A......
     1Cunt..."

It is really funny when you post it here but tbh hackers probably didn't even notice it...
full member
Activity: 189
Merit: 100
Legally-Binding Smart Contracts for all


Do you mean there is not regulation put in place to protect the patient records in the case the place gets hacked or burnt down? No off-site backups? that is a terrible business practice to begin with. Fair enough if it was a local business, but you are dealing with highly confidential patient records.

I guess, there are no such regulations

Though I don't live in Britain and can't know for sure. I just assume that it would be too expensive to provide every hospital with the means to back up their patients' records as well as hire highly qualified staff to take care of security aspects of these records (including their reliable storage). Apart from that, I try to stay away from medical services on the whole unless I know what I need and I actually need that (I don't need much, anyway)

I see your point. I wonder how many other organisations or entities have issues such as theirs. I cant believe that despite their warning, they still let it be. Cheers mate.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it

NHS just like any other local health system is not like a company or corporation

It is basically composed of (mostly) independent hospitals, dentistries, pharmacies, asylums (yeah), and similar entities. Obviously, they don't keep their patients data in a centralized way since that would likely be prohibitively expensive. The best analogy to such a system, as to me, would be a banking system which is made up of a Central bank and many private banks which are mostly on their own, i.e. they are free to decide how they organize their data storage and such things

Do you mean there is not regulation put in place to protect the patient records in the case the place gets hacked or burnt down? No off-site backups? that is a terrible business practice to begin with. Fair enough if it was a local business, but you are dealing with highly confidential patient records.

I guess, there are no such regulations

Though I don't live in Britain and can't know for sure. I just assume that it would be too expensive to provide every hospital with the means to back up their patients' records as well as hire highly qualified staff to take care of security aspects of these records (including their reliable storage). Apart from that, I try to stay away from medical services on the whole unless I know what I need and I actually need that (I don't need much, anyway)
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
My issue with this whole thing is that how does the hacker know who paid. How can they actually decrypt said computer. The hacker would need access to the given computer to do anythinf I would imagine. Unless they can  somehow use a kill switch?
I have done a little bit of research on this and the best I can come up with it that the computer is encoded in the Bitcoin address (one of three) and the amount of the ransom (lower bits of the ransom amount).  Look at the ransom amounts here:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet

They are all a little bit different.

If this is true then paying the wrong amount would not work as the amount would not decode properly.

So, my next best idea is that the infected computer is in contact with the hackers over TOR.

Bottom line:  I really do not know, I am still trying to figure that out.
legendary
Activity: 1442
Merit: 1008
Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?
Possible way for them to cashout :

1. Send those bitcoin to different other addresses in small batch using bitcoin mixing/tumbling services.
2. Re-mixing those mixed bitcoin and sending them to single address to hold for long term.
3. Wait till all this mesh up and hype slows down, than move those coin to different reputable exchange platforms and exchanging them in small amount each day to stay within limit of unverified account.
4. They may also sell those bitcoin in face to face deals in cash to remain out of government radar.

Thanks for the reply. I don't understand number 5 though. Do you mean that they will receive payments in cash in real life and then transfer the BTC to the buyer's adress? If so, that seems to make no sense to me. The bitcoins are most likely being tracked and I assume this will become the buyer's problem, and why would the buyer want that? Unless the buyer doesn't know about it...
there is no number 5 btw  Cheesy , when you send the coin you can always mix it even though you receieve the cash face to face , and first of all a lot of people believe that bitcoin are anonymous, the transaction are anonymous but actually it's fully traceable, there is blockchain as public data, everyone can see it. just the matter how you could trace it, there is a lot of way too, but of course it wouldn't be easy to do that especially when you have mixed it over and over again. wish sooner or later the wannacry inventor get caught through tracked bitcoin address , and we can show to the world that bitcoin are not a currency for criminals!
hero member
Activity: 700
Merit: 500
My issue with this whole thing is that how does the hacker know who paid. How can they actually decrypt said computer. The hacker would need access to the given computer to do anythinf I would imagine. Unless they can  somehow use a kill switch?
sr. member
Activity: 404
Merit: 252
I think the ones that paid had very important data on their disks and could not have any downtime if it removed automatically after payment. Maybe 1 or 2 dumb people. For a ransomware virus they collected yea not much. I think a global automatic mining virus does a lot better than this.

I did not receive any calls here about people infected also here the people will not open anything weird so fast. I will send out a warning for future infections like this I think that's a smart idea.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
2) Get Paid antivirus like ESET
3) Have brain

Even free solutions like Comodo would do if you have the nerve for it, since it will run in sandbox everything "untrusted".
Brain and nerves are necessary to check what's blocked and unblock the apps you really use and need and also remove the apps that should not be there / run.
legendary
Activity: 1878
Merit: 1038
Telegram: https://t.me/eckmar
WannaCry 2.0 is out and, guess what there is no killswitch anymore  Grin

If you wanna protect against such threats, check out https://bitcointalksearch.org/topic/m.18888453
Its impossible to get infected with WannaCry if you follow the whole guide

I'll tell you this for free.
1) Update your Windows to latest version
2) Get Paid antivirus like ESET
3) Have brain

And that should cover it about all...
full member
Activity: 189
Merit: 100
Legally-Binding Smart Contracts for all
I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it

NHS just like any other local health system is not like a company or corporation

It is basically composed of (mostly) independent hospitals, dentistries, pharmacies, asylums (yeah), and similar entities. Obviously, they don't keep their patients data in a centralized way since that would likely be prohibitively expensive. The best analogy to such a system, as to me, would be a banking system which is made up of a Central bank and many private banks which are mostly on their own, i.e. they are free to decide how they organize their data storage and such things



Do you mean there is not regulation put in place to protect the patient records in the case the place gets hacked or burnt down? No off-site backups? that is a terrible business practice to begin with. Fair enough if it was a local business, but you are dealing with highly confidential patient records.
newbie
Activity: 53
Merit: 0
Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?
Possible way for them to cashout :

1. Send those bitcoin to different other addresses in small batch using bitcoin mixing/tumbling services.
2. Re-mixing those mixed bitcoin and sending them to single address to hold for long term.
3. Wait till all this mesh up and hype slows down, than move those coin to different reputable exchange platforms and exchanging them in small amount each day to stay within limit of unverified account.
4. They may also sell those bitcoin in face to face deals in cash to remain out of government radar.

Thanks for the reply. I don't understand number 5 though. Do you mean that they will receive payments in cash in real life and then transfer the BTC to the buyer's adress? If so, that seems to make no sense to me. The bitcoins are most likely being tracked and I assume this will become the buyer's problem, and why would the buyer want that? Unless the buyer doesn't know about it...
hero member
Activity: 854
Merit: 500
Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?
Possible way for them to cashout :

1. Send those bitcoin to different other addresses in small batch using bitcoin mixing/tumbling services.
2. Re-mixing those mixed bitcoin and sending them to single address to hold for long term.
3. Wait till all this mesh up and hype slows down, than move those coin to different reputable exchange platforms and exchanging them in small amount each day to stay within limit of unverified account.
4. They may also sell those bitcoin in face to face deals in cash to remain out of government radar.
newbie
Activity: 53
Merit: 0
So how are these guys planning on cashing out? I remember some Silkroad dealers had a fortune worth of Bitcoins but were never able to cash out because everything was being monitored. From what I read (https://bitcoinmagazine.com/articles/four-quick-questions-and-answers-about-ransomware-and-bitcoin/) only 40 BTC have been transferred to the addresses associated with the attack.

Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it

NHS just like any other local health system is not like a company or corporation

It is basically composed of (mostly) independent hospitals, dentistries, pharmacies, asylums (yeah), and similar entities. Obviously, they don't keep their patients data in a centralized way since that would likely be prohibitively expensive. The best analogy to such a system, as to me, would be a banking system which is made up of a Central bank and many private banks which are mostly on their own, i.e. they are free to decide how they organize their data storage and such things

full member
Activity: 179
Merit: 250
I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

This event raise awareness of the ransom malware which will help prevent its success in the future. Also if these guys don't make much money and it appears they are not, this could be the turning point where hackers begin lose interest in the concept.

Either way  with the increased awareness of bitcoin the long term affect is overwhelmingly positive.
full member
Activity: 189
Merit: 100
Legally-Binding Smart Contracts for all
I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it.
legendary
Activity: 3262
Merit: 1614
#1 VIP Crypto Casino
I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?
full member
Activity: 189
Merit: 100
Legally-Binding Smart Contracts for all
Recent article on the topic:
https://cryptoinsider.com/wannacry-ransomware-attack-warns-cyberspace-risks/

If they didnt decrypt the device, then there would be no incentive to pay them and noone would after the news got out. Even the FBI has recommended to those asking to pay the ransom. It is around $300 - $600 as far i read on the topic, which is not a lot considering what people store on the PC's.

This would be a great time to advertise Linux and mention perhaps its time to move on. One of the biggest ones that got hit was NHS, but back last year they were even warned that their system OS were outdated and that it did not comply with regulations.

“However, a Freedom of Information (FOI) request submitted by Motherboard to over 70 NHS Hospital Trusts revealed that thousands of NHS computers across the UK are running the outdated OS, potentially leaving confidential patient data vulnerable to attack. By running Windows XP, NHS Hospitals risk breaching data protection regulations, which are set to become even more stringent through the new General Data Protection Regulation (GDPR) coming into force in 2018.”
hero member
Activity: 1162
Merit: 547
CryptoTalk.Org - Get Paid for every Post!
Almost everywhere I have read, there are only 3 bitcoin addresses that are used while asking for ransom. It is not possible to say which person sent the ransom to the address, so even if users pay the ransom, their systems are still not going to get decypted.
Edit:It requires manual activation by hacker for decryption.
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
So,
How can we protect ourselves?
I heard that they are asking payments in Bitcoin, I haven't read that much about this attack.
I have updated my antivirus and copied all the data from my computer to my portable hard drive. Nothing is in my computer.
Also is this attack is only restricted to computers? or mobile phones are also affected?

only windows computers, no macs or *nix systems yet. XP, Vista, win8.x, win7 are vulnerable. not win10 as far as i know.

best defense: UPDATE your OS and software. backup to OFFLINE disks. use decent antivirus. and dont click unknown attachments in mail.
Pages:
Jump to: