Monitoring WannaCry hackers' bitcoin addresses in real time - page 4.

Xester

hero member

Activity: 994

Merit: 544

Quote from: NeuroticFish on May 13, 2017, 03:33:45 PM

Quote from: Iranus on May 13, 2017, 03:27:06 PM

If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!

Quote from: coinits on May 13, 2017, 01:23:54 PM

I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...

You are right they are not targeting ordinary citizens but rather companies especially large ones even those who have a good firewall to protect their datas. This kind of attacks have been already a threat to the world and many big companies are starting to worry about those kind of attacks. Hope the government around the world will use the interpol to put those kinds of issues in a priority.

lolxxxx

legendary

Activity: 2184

Merit: 1032

So,
How can we protect ourselves?
I heard that they are asking payments in Bitcoin, I haven't read that much about this attack.
I have updated my antivirus and copied all the data from my computer to my portable hard drive. Nothing is in my computer.
Also is this attack is only restricted to computers? or mobile phones are also affected?

ekoice

hero member

Activity: 742

Merit: 500

Quote from: Wendigo on May 14, 2017, 12:30:56 AM

Quote from: jaberwock on May 13, 2017, 11:05:51 PM

Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?

Putting the coins through a mixing service most likely.

Yes,they may use Bitmixer or Cryptomixer for mixing their coins so that they can move safely unidentified.

steampunkz

sr. member

Activity: 1162

Merit: 268

50% bonus on your First Topup

Quote from: gordoh on May 16, 2017, 11:31:39 AM

What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!

Yeah I've been thinking about that for a while, Sounds Legit to me. Because of the situation right now Many people Had been pirating windows O.S. Nowadays now people don't buy Licences Key because of this many windows loader to makes your O.S Instantly becoming genuine copy also because of Cloning P.C, Diskless system etc. Just to avoid this malware. Use genuine windows and Update your windows security also put Anti Virus, and back-up.

BurtW

legendary

Activity: 2646

Merit: 1136

All paid signature campaigns should be banned.

Now over 40 BTC (over $73,000) collected by the authors:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet

slaman29

legendary

Activity: 2674

Merit: 1226

Livecasino, 20% cashback, no fuss payouts.

Doesn't seem like a very good return for what seemed to be a global attack. Of course, it's possible that not much resources were used in the attack but in terms of time, it doesn't seem like a very profitable scam. Then again, maybe there were other addresses we don't know about.

And yes, as usual, media makes the hype out of Bitcoin. Nobody would give a look if the hackers asked for pesos.

magneto

hero member

Activity: 1666

Merit: 753

Honestly this has been probably hyped a lot more in the media and I'm really surprised to see that only a few bitcoins have been collected. I would estimate at least 30 BTC to be honest with you, because 10 BTC just seems like such a low amount and probably isn't the correct figure.

The fiasco will probably end soon though since the developer of this malware seems to be an amateur and a kill switch has been found already.

The main thing is that the whole thing makes it seem like bitcoin is behind it all. People refer to it as the "bitcoin ransomware", bringing bad image to bitcoin.

BurtW

legendary

Activity: 2646

Merit: 1136

All paid signature campaigns should be banned.

Quote from: ecnalubma on May 17, 2017, 02:17:35 AM

Blockchain must make a move, they have all the controls and resources. This is a hate action bitcoin community might suffer from this in the future i guess.

WTF are you talking about? You are an idiot sig spammer. Idiot.

ecnalubma

sr. member

Activity: 1526

Merit: 420

Blockchain must make a move, they have all the controls and resources. This is a hate action bitcoin community might suffer from this in the future i guess.

Russlenat

hero member

Activity: 2716

Merit: 904

wow until now they earn ransom bitcoin. if these bitcoin address are blocked where this bitcoin can go? who would be benefited this?

Amph

legendary

Activity: 3206

Merit: 1069

Quote from: freedomno1 on May 14, 2017, 12:54:36 AM

Quote from: Wendigo on May 14, 2017, 12:30:56 AM

Quote from: jaberwock on May 13, 2017, 11:05:51 PM

Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?

Putting the coins through a mixing service most likely.

Would say they mix the coins a few times before they move the coins to an exchange to convert them into alt-coins or cash then repeat the cycle and so that no one can follow the route.
Either that or sell them to someone in person/generate new wallet keys before mixing them.
That or buy giftcards

they don't need to do that they have two option

sending them to an unknown or small exchange without mixing, the exchange will not even care about those address i can bet my ass on that

selling those coins privately in real life, likely the buyers will not be aware about the blacklisting of these address

gordoh

sr. member

Activity: 350

Merit: 250

Quote from: cellard on May 16, 2017, 11:34:56 AM

Quote from: gordoh on May 16, 2017, 11:31:39 AM

What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!

It makes no sense. The amount of bad publicity Microsoft is getting outplays any benefits of a supposed conspiracy inside job to download the latest update. I mean what's the point? And as far as I know WannaCry 2.0 is already out there infecting computers so Microsoft is getting exposed as unsafe software.

Yea good point. So I guess we are going with North Korea then? I just think its too easy and convenient to blame a nation that already has a bad rep in the media. Even more reason for Trump to do something stupid I guess. Let me not get into American politics though.

freedomno1

legendary

Activity: 1806

Merit: 1090

Learning the troll avoidance button :)

Quote from: deisik on May 16, 2017, 04:05:38 PM

Eternal Blue seems to refer to the dreaded blue screen of death (BSOD), I suspect

I would presume, then NSA tool's tend to be named to reference analogies like the Weeping Angel from Dr.Who etc.
Eternal Blue is easily connected to BSOD.
https://techcrunch.com/2017/03/09/names-and-definitions-of-leaked-cia-hacking-tools/

That and teaching kids from the year 2000 how to spell Banana's BA NA NA S (Song Reference).
https://www.youtube.com/watch?v=UqcONoahlmQ

"Epic Banana," "Banana Glee," "Banana Ballot," "Banana Liar," "Bannana Daiquiri"
(Just missing a Banana Republic)
http://www.businessinsider.de/nsa-hacking-tools-exploits-2016-8

deisik

legendary

Activity: 3458

Merit: 1280

English ⬄ Russian Translation Services

Quote from: vapourminer on May 16, 2017, 02:41:48 PM

Quote from: deisik on May 16, 2017, 01:44:43 AM

Port 445 is open by default in Windows. At least, on versions prior to Windows 7 (Windows XP is the last version that I am more or less familiar with). This port is required for Windows local networking (for file and printer sharing), so if it is open and computer is connected to Internet, it will be exposed as well. Personally, I think that here we have a case with a backdoor intentionally left by Microsoft and information of which (how to use it) got stolen from an Alphabet agency

port 445 may be open in internal networks. it is not open to the internet, at least with a properly set up router/firewall

If a port is accessible from outside (via internal network or otherwise) it is considered as open

Some Internet service providers specifically block access from Internet to a range of ports (port 445 belongs to this group as well) which are known to attract hackers like shit attracts flies (due to a history of vulnerabilities), but this doesn't change a thing in this regard. In other words, a port can be closed (rather, not opened) only from inside, and while it is not closed (or filtered), it is considered as open (it is access to it which may be blocked). If your computer is behind a router, you may not even know what is behind it and whether there is anything at all

Quote from: Lorilikes on May 16, 2017, 03:30:48 PM

I am sure everyone knows that the WannaCry ransomware is rumored to use an exploit called Eternal Blue, allegedly created by the U.S. National Security Agency to attack Microsoft Windows operating systems

Eternal Blue seems to refer to the dreaded blue screen of death (BSOD), I suspect

Lorilikes

sr. member

Activity: 672

Merit: 251

Content| Press Releases | Articles | Strategy

What's really making me wonder if this is a distraction efforts. "Look at the bad Bitcoin scandal, don't look at your own government or your trusted Brands like Microsoft. Just look at the attackers"
I am sure everyone knows that the WannaCry ransomware is rumored to use an exploit called Eternal Blue, allegedly created by the U.S. National Security Agency to attack Microsoft Windows operating systems. Although a patch had been issued back in March to secure the weakness that allowed the attack to get in, postponed updates or ignored update installation alerts left massive numbers of computers vulnerable and WannaCry malware slithered right in as if an invited guest.

Hmmm...

[/b]

Qartada

hero member

Activity: 546

Merit: 500

Quote from: coinits on May 15, 2017, 06:33:22 PM

Quote from: sportis on May 15, 2017, 10:43:21 AM

Quote from: Iranus on May 13, 2017, 03:27:06 PM

Do people really not back up their files regularly?

No they don't. Especially in public services where users call the IT for everything because they don't know or they don't like to do anything related to computers even though is a very stupid thing. So the most part of the day IT do lesser important tasks than it has to do. As an example ' local printer has a stuck piece of paper ' and so on.

Quote

I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so. Institutions should back up their files much more regularly than that.

No most people are too lazy to do a regular back say after a month or more. I believe hackers they didn't target whom computer would infected from virus.

Quote

Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom. If it was $20 instead, I would probably pay it anyway, but there's really no point.

I believe that $300 as a ransom is not a big amount of money for many services or institutions especially if these are located in Europe or USA or some rich countries in Asia. I don't know for the rest countries in the world.

It's $300 per computer, not per company.

Exactly. The hackers need to choose the ideal amount of money to steal if they want to keep their operations profitable.

Clearly the prices they're charging have been considered to be worth just slightly less than the amount of effort it would take to buy a new computer and create new information. In the cases of whole institutions, it should be worth it as they'll have a lot of sensitive information (like data about patient health in hospitals).

This should get everyone working in IT who had their company's computers infected fired. It was very easy to avoid by just updating for critical patches.

GetClams.com

full member

Activity: 179

Merit: 250

Quote from: youdamushi on May 15, 2017, 10:50:56 AM

That's funny, they made a global attack in my company.

To be fair you've got to be a bit stupid to actually fall for it...
Added to that the fact athat big companies all have data save of important files.

Exactly, you are telling me banks and hospitals do not have backups? Then somebody should lose their job.

vapourminer

legendary

Activity: 4354

Merit: 3614

what is this "brake pedal" you speak of?

Quote from: deisik on May 16, 2017, 01:44:43 AM

Port 445 is open by default in Windows. At least, on versions prior to Windows 7 (Windows XP is the last version that I am more or less familiar with). This port is required for Windows local networking (for file and printer sharing), so if it is open and computer is connected to Internet, it will be exposed as well. Personally, I think that here we have a case with a backdoor intentionally left by Microsoft and information of which (how to use it) got stolen from an Alphabet agency

port 445 may be open in internal networks. it is not open to the internet, at least with a properly set up router/firewall.

go to grc.com and let it scan your ports. 445 is stealthed on mine. thats with 6 computers behind a router, and windows firewall on plus whatever firewalls freenas, ubuntu and the rpi use. and i have file/printer sharing on.

cellard

legendary

Activity: 1372

Merit: 1252

Quote from: gordoh on May 16, 2017, 11:31:39 AM

What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!

It makes no sense. The amount of bad publicity Microsoft is getting outplays any benefits of a supposed conspiracy inside job to download the latest update. I mean what's the point? And as far as I know WannaCry 2.0 is already out there infecting computers so Microsoft is getting exposed as unsafe software.

gordoh

sr. member

Activity: 350

Merit: 250

What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!

Topic: Monitoring WannaCry hackers' bitcoin addresses in real time - page 4. (Read 22954 times)