Monitoring WannaCry hackers' bitcoin addresses in real time - page 3.

eckmar

legendary

Activity: 1878

Merit: 1038

Telegram: https://t.me/eckmar

Quote from: ?? on ??

Btw, here are some funny transactions made to the wannacry addresses

1) https://blockchain.info/tx/4dcf70c864172869c0950e4e24b9f1a7ff410417411a2a2d0ede85b6281b5a67
Someone sent 0.00006 btc from an address starting with 1FuckYou....
2) https://blockchain.info/tx/96015c757e440554005965b97349234dcae8d4c0f8cc3410a0743cbcc9bacd6c
Look at this transactions' sender's addresses, they seem to send a message to the hackers :
"1You....
1Are....
1A......
1Cunt..."

It is really funny when you post it here but tbh hackers probably didn't even notice it...

Agrello

full member

Activity: 189

Merit: 100

Legally-Binding Smart Contracts for all

Quote from: deisik on May 18, 2017, 09:58:25 AM

Quote from: Agrello on May 18, 2017, 07:08:02 AM

Do you mean there is not regulation put in place to protect the patient records in the case the place gets hacked or burnt down? No off-site backups? that is a terrible business practice to begin with. Fair enough if it was a local business, but you are dealing with highly confidential patient records.

I guess, there are no such regulations

Though I don't live in Britain and can't know for sure. I just assume that it would be too expensive to provide every hospital with the means to back up their patients' records as well as hire highly qualified staff to take care of security aspects of these records (including their reliable storage). Apart from that, I try to stay away from medical services on the whole unless I know what I need and I actually need that (I don't need much, anyway)

I see your point. I wonder how many other organisations or entities have issues such as theirs. I cant believe that despite their warning, they still let it be. Cheers mate.

deisik

legendary

Activity: 3514

Merit: 1280

English ⬄ Russian Translation Services

Quote from: Agrello on May 18, 2017, 07:08:02 AM

Quote from: deisik on May 17, 2017, 11:57:46 AM

Quote from: Agrello on May 17, 2017, 11:11:58 AM

Quote from: DeathAngel on May 17, 2017, 09:29:39 AM

I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it

NHS just like any other local health system is not like a company or corporation

It is basically composed of (mostly) independent hospitals, dentistries, pharmacies, asylums (yeah), and similar entities. Obviously, they don't keep their patients data in a centralized way since that would likely be prohibitively expensive. The best analogy to such a system, as to me, would be a banking system which is made up of a Central bank and many private banks which are mostly on their own, i.e. they are free to decide how they organize their data storage and such things

Do you mean there is not regulation put in place to protect the patient records in the case the place gets hacked or burnt down? No off-site backups? that is a terrible business practice to begin with. Fair enough if it was a local business, but you are dealing with highly confidential patient records.

I guess, there are no such regulations

Though I don't live in Britain and can't know for sure. I just assume that it would be too expensive to provide every hospital with the means to back up their patients' records as well as hire highly qualified staff to take care of security aspects of these records (including their reliable storage). Apart from that, I try to stay away from medical services on the whole unless I know what I need and I actually need that (I don't need much, anyway)

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: iluvpie60 on May 18, 2017, 08:18:45 AM

My issue with this whole thing is that how does the hacker know who paid. How can they actually decrypt said computer. The hacker would need access to the given computer to do anythinf I would imagine. Unless they can somehow use a kill switch?

I have done a little bit of research on this and the best I can come up with it that the computer is encoded in the Bitcoin address (one of three) and the amount of the ransom (lower bits of the ransom amount). Look at the ransom amounts here:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet

They are all a little bit different.

If this is true then paying the wrong amount would not work as the amount would not decode properly.

So, my next best idea is that the infected computer is in contact with the hackers over TOR.

Bottom line: I really do not know, I am still trying to figure that out.

poplolnman

legendary

Activity: 1442

Merit: 1008

Quote from: kaijser on May 17, 2017, 02:14:06 PM

Quote from: Catmony on May 17, 2017, 01:48:42 PM

Quote from: kaijser on May 17, 2017, 01:41:10 PM

Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?

Possible way for them to cashout :

1. Send those bitcoin to different other addresses in small batch using bitcoin mixing/tumbling services.
2. Re-mixing those mixed bitcoin and sending them to single address to hold for long term.
3. Wait till all this mesh up and hype slows down, than move those coin to different reputable exchange platforms and exchanging them in small amount each day to stay within limit of unverified account.
4. They may also sell those bitcoin in face to face deals in cash to remain out of government radar.

Thanks for the reply. I don't understand number 5 though. Do you mean that they will receive payments in cash in real life and then transfer the BTC to the buyer's adress? If so, that seems to make no sense to me. The bitcoins are most likely being tracked and I assume this will become the buyer's problem, and why would the buyer want that? Unless the buyer doesn't know about it...

there is no number 5 btw Cheesy

, when you send the coin you can always mix it even though you receieve the cash face to face , and first of all a lot of people believe that bitcoin are anonymous, the transaction are anonymous but actually it's fully traceable, there is blockchain as public data, everyone can see it. just the matter how you could trace it, there is a lot of way too, but of course it wouldn't be easy to do that especially when you have mixed it over and over again. wish sooner or later the wannacry inventor get caught through tracked bitcoin address , and we can show to the world that bitcoin are not a currency for criminals!

iluvpie60

hero member

Activity: 700

Merit: 500

My issue with this whole thing is that how does the hacker know who paid. How can they actually decrypt said computer. The hacker would need access to the given computer to do anythinf I would imagine. Unless they can somehow use a kill switch?

steamon

sr. member

Activity: 404

Merit: 252

I think the ones that paid had very important data on their disks and could not have any downtime if it removed automatically after payment. Maybe 1 or 2 dumb people. For a ransomware virus they collected yea not much. I think a global automatic mining virus does a lot better than this.

I did not receive any calls here about people infected also here the people will not open anything weird so fast. I will send out a warning for future infections like this I think that's a smart idea.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: eckmar on May 18, 2017, 08:07:12 AM

2) Get Paid antivirus like ESET
3) Have brain

Even free solutions like Comodo would do if you have the nerve for it, since it will run in sandbox everything "untrusted".
Brain and nerves are necessary to check what's blocked and unblock the apps you really use and need and also remove the apps that should not be there / run.

eckmar

legendary

Activity: 1878

Merit: 1038

Telegram: https://t.me/eckmar

Quote from: User365 on May 14, 2017, 10:58:52 AM

WannaCry 2.0 is out and, guess what there is no killswitch anymore Grin

If you wanna protect against such threats, check out https://bitcointalksearch.org/topic/m.18888453
Its impossible to get infected with WannaCry if you follow the whole guide

I'll tell you this for free.
1) Update your Windows to latest version
2) Get Paid antivirus like ESET
3) Have brain

And that should cover it about all...

Agrello

full member

Activity: 189

Merit: 100

Legally-Binding Smart Contracts for all

Quote from: deisik on May 17, 2017, 11:57:46 AM

Quote from: Agrello on May 17, 2017, 11:11:58 AM

Quote from: DeathAngel on May 17, 2017, 09:29:39 AM

I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it

NHS just like any other local health system is not like a company or corporation

It is basically composed of (mostly) independent hospitals, dentistries, pharmacies, asylums (yeah), and similar entities. Obviously, they don't keep their patients data in a centralized way since that would likely be prohibitively expensive. The best analogy to such a system, as to me, would be a banking system which is made up of a Central bank and many private banks which are mostly on their own, i.e. they are free to decide how they organize their data storage and such things

Do you mean there is not regulation put in place to protect the patient records in the case the place gets hacked or burnt down? No off-site backups? that is a terrible business practice to begin with. Fair enough if it was a local business, but you are dealing with highly confidential patient records.

kaijser

newbie

Activity: 53

Merit: 0

Quote from: Catmony on May 17, 2017, 01:48:42 PM

Quote from: kaijser on May 17, 2017, 01:41:10 PM

Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?

Possible way for them to cashout :

1. Send those bitcoin to different other addresses in small batch using bitcoin mixing/tumbling services.
2. Re-mixing those mixed bitcoin and sending them to single address to hold for long term.
3. Wait till all this mesh up and hype slows down, than move those coin to different reputable exchange platforms and exchanging them in small amount each day to stay within limit of unverified account.
4. They may also sell those bitcoin in face to face deals in cash to remain out of government radar.

Thanks for the reply. I don't understand number 5 though. Do you mean that they will receive payments in cash in real life and then transfer the BTC to the buyer's adress? If so, that seems to make no sense to me. The bitcoins are most likely being tracked and I assume this will become the buyer's problem, and why would the buyer want that? Unless the buyer doesn't know about it...

Catmony

hero member

Activity: 854

Merit: 500

Quote from: kaijser on May 17, 2017, 01:41:10 PM

Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?

Possible way for them to cashout :

1. Send those bitcoin to different other addresses in small batch using bitcoin mixing/tumbling services.
2. Re-mixing those mixed bitcoin and sending them to single address to hold for long term.
3. Wait till all this mesh up and hype slows down, than move those coin to different reputable exchange platforms and exchanging them in small amount each day to stay within limit of unverified account.
4. They may also sell those bitcoin in face to face deals in cash to remain out of government radar.

kaijser

newbie

Activity: 53

Merit: 0

So how are these guys planning on cashing out? I remember some Silkroad dealers had a fortune worth of Bitcoins but were never able to cash out because everything was being monitored. From what I read (https://bitcoinmagazine.com/articles/four-quick-questions-and-answers-about-ransomware-and-bitcoin/) only 40 BTC have been transferred to the addresses associated with the attack.

Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?

deisik

legendary

Activity: 3514

Merit: 1280

English ⬄ Russian Translation Services

Quote from: Agrello on May 17, 2017, 11:11:58 AM

Quote from: DeathAngel on May 17, 2017, 09:29:39 AM

I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it

NHS just like any other local health system is not like a company or corporation

It is basically composed of (mostly) independent hospitals, dentistries, pharmacies, asylums (yeah), and similar entities. Obviously, they don't keep their patients data in a centralized way since that would likely be prohibitively expensive. The best analogy to such a system, as to me, would be a banking system which is made up of a Central bank and many private banks which are mostly on their own, i.e. they are free to decide how they organize their data storage and such things

GetClams.com

full member

Activity: 179

Merit: 250

Quote from: DeathAngel on May 17, 2017, 09:29:39 AM

I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

This event raise awareness of the ransom malware which will help prevent its success in the future. Also if these guys don't make much money and it appears they are not, this could be the turning point where hackers begin lose interest in the concept.

Either way with the increased awareness of bitcoin the long term affect is overwhelmingly positive.

Agrello

full member

Activity: 189

Merit: 100

Legally-Binding Smart Contracts for all

Quote from: DeathAngel on May 17, 2017, 09:29:39 AM

I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it.

DeathAngel

legendary

Activity: 3262

Merit: 1614

#1 VIP Crypto Casino

I thought they'd have gained a lot more bitcoin's by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

Agrello

full member

Activity: 189

Merit: 100

Legally-Binding Smart Contracts for all

Recent article on the topic:
https://cryptoinsider.com/wannacry-ransomware-attack-warns-cyberspace-risks/

If they didnt decrypt the device, then there would be no incentive to pay them and noone would after the news got out. Even the FBI has recommended to those asking to pay the ransom. It is around $300 - $600 as far i read on the topic, which is not a lot considering what people store on the PC's.

This would be a great time to advertise Linux and mention perhaps its time to move on. One of the biggest ones that got hit was NHS, but back last year they were even warned that their system OS were outdated and that it did not comply with regulations.

“However, a Freedom of Information (FOI) request submitted by Motherboard to over 70 NHS Hospital Trusts revealed that thousands of NHS computers across the UK are running the outdated OS, potentially leaving confidential patient data vulnerable to attack. By running Windows XP, NHS Hospitals risk breaching data protection regulations, which are set to become even more stringent through the new General Data Protection Regulation (GDPR) coming into force in 2018.”

apoorvlathey

hero member

Activity: 1162

Merit: 547

CryptoTalk.Org - Get Paid for every Post!

Almost everywhere I have read, there are only 3 bitcoin addresses that are used while asking for ransom. It is not possible to say which person sent the ransom to the address, so even if users pay the ransom, their systems are still not going to get decypted.
Edit:It requires manual activation by hacker for decryption.

vapourminer

legendary

Activity: 4354

Merit: 3614

what is this "brake pedal" you speak of?

Quote from: lolxxxx on May 17, 2017, 03:10:48 AM

So,
How can we protect ourselves?
I heard that they are asking payments in Bitcoin, I haven't read that much about this attack.
I have updated my antivirus and copied all the data from my computer to my portable hard drive. Nothing is in my computer.
Also is this attack is only restricted to computers? or mobile phones are also affected?

only windows computers, no macs or *nix systems yet. XP, Vista, win8.x, win7 are vulnerable. not win10 as far as i know.

best defense: UPDATE your OS and software. backup to OFFLINE disks. use decent antivirus. and dont click unknown attachments in mail.

Topic: Monitoring WannaCry hackers' bitcoin addresses in real time - page 3. (Read 22954 times)