Topic: Monitoring WannaCry hackers' bitcoin addresses in real time - page 4. (Read 22954 times)

hero member
Activity: 994
Merit: 544
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then will we see how big the damage is...

You are right, they are not targeting ordinary citizens but rather companies, especially large ones, even those who have a good firewall to protect their data. These kinds of attacks have already been a threat to the world, and many big companies are starting to worry about those kinds of attacks. Hope governments around the world will use Interpol to make those kinds of issues a priority.
legendary
Activity: 2198
Merit: 1032
So,
How can we protect ourselves?
I heard that they are asking payments in Bitcoin, I haven't read that much about this attack.
I have updated my antivirus and copied all the data from my computer to my portable hard drive. Nothing is in my computer.
Also, is this attack restricted only to computers, or are mobile phones also affected?
hero member
Activity: 742
Merit: 500
Now how will they spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.
Yes, they may use Bitmixer or Cryptomixer for mixing their coins so that they can move safely unidentified.
sr. member
Activity: 1162
Merit: 268
What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!

Yeah, I've been thinking about that for a while; sounds legit to me. Because of the situation right now, many people have been pirating Windows OS. Nowadays people don't buy licence keys because of the many Windows loaders that make your OS instantly become a genuine copy, and also because of cloning PCs, diskless systems, etc. Just to avoid this malware, use genuine Windows and update your Windows security, also install antivirus, and back up.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Now over 40 BTC (over $73,000) collected by the authors:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet

legendary
Activity: 2674
Merit: 1226
Doesn't seem like a very good return for what seemed to be a global attack. Of course, it's possible that not many resources were used in the attack but in terms of time, it doesn't seem like a very profitable scam. Then again, maybe there were other addresses we don't know about.

And yes, as usual, media makes the hype out of Bitcoin. Nobody would give a look if the hackers asked for pesos.
hero member
Activity: 1666
Merit: 753
Honestly this has been probably hyped a lot more in the media and I'm really surprised to see that only a few bitcoins have been collected. I would estimate at least 30 BTC to be honest with you, because 10 BTC just seems like such a low amount and probably isn't the correct figure.

The fiasco will probably end soon though since the developer of this malware seems to be an amateur and a kill switch has been found already.

The main thing is that the whole thing makes it seem like bitcoin is behind it all. People refer to it as the "bitcoin ransomware", bringing bad image to bitcoin.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Blockchain must make a move, they have all the controls and resources. This is a hate action; the bitcoin community might suffer from this in the future, I guess.
WTF are you talking about?  You are an idiot sig spammer.  Idiot.
sr. member
Activity: 1540
Merit: 420
Blockchain must make a move, they have all the controls and resources. This is a hate action; the bitcoin community might suffer from this in the future, I guess.
hero member
Activity: 2716
Merit: 904
Wow, they are still earning ransom bitcoin. If these bitcoin addresses are blocked, where can this bitcoin go? Who would benefit from this?
legendary
Activity: 3248
Merit: 1070
Now how will they spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

Would say they mix the coins a few times before they move the coins to an exchange to convert them into alt-coins or cash then repeat the cycle and so that no one can follow the route.
Either that or sell them to someone in person/generate new wallet keys before mixing them.
That or buy giftcards

They don't need to do that; they have two options:

Sending them to an unknown or small exchange without mixing; the exchange will not even care about those addresses, I can bet my ass on that.

Selling those coins privately in real life; likely the buyers will not be aware of the blacklisting of these addresses.
sr. member
Activity: 350
Merit: 250
What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!

It makes no sense. The amount of bad publicity Microsoft is getting outplays any benefits of a supposed conspiracy inside job to download the latest update. I mean what's the point? And as far as I know WannaCry 2.0 is already out there infecting computers so Microsoft is getting exposed as unsafe software.

Yea, good point. So I guess we are going with North Korea then? I just think it's too easy and convenient to blame a nation that already has a bad rep in the media. Even more reason for Trump to do something stupid I guess. Let me not get into American politics though.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
Eternal Blue seems to refer to the dreaded blue screen of death (BSOD), I suspect

I would presume, then NSA tools tend to be named to reference analogies like the Weeping Angel from Dr. Who etc.
Eternal Blue is easily connected to BSOD.
https://techcrunch.com/2017/03/09/names-and-definitions-of-leaked-cia-hacking-tools/

That and teaching kids from the year 2000 how to spell Bananas, BA NA NA S (Song Reference).
https://www.youtube.com/watch?v=UqcONoahlmQ

"Epic Banana," "Banana Glee," "Banana Ballot," "Banana Liar," "Banana Daiquiri"
(Just missing a Banana Republic)
http://www.businessinsider.de/nsa-hacking-tools-exploits-2016-8

legendary
Activity: 3514
Merit: 1280


Port 445 is open by default in Windows. At least, on versions prior to Windows 7 (Windows XP is the last version that I am more or less familiar with). This port is required for Windows local networking (for file and printer sharing), so if it is open and the computer is connected to the Internet, it will be exposed as well. Personally, I think that here we have a case with a backdoor intentionally left by Microsoft, information about which (how to use it) got stolen from an Alphabet agency.

Port 445 may be open in internal networks. It is not open to the internet, at least with a properly set up router/firewall.

If a port is accessible from outside (via internal network or otherwise) it is considered as open.

Some Internet service providers specifically block access from the Internet to a range of ports (port 445 belongs to this group as well) which are known to attract hackers like shit attracts flies (due to a history of vulnerabilities), but this doesn't change a thing in this regard. In other words, a port can be closed (rather, not opened) only from inside, and while it is not closed (or filtered), it is considered as open (it is access to it which may be blocked). If your computer is behind a router, you may not even know what is behind it and whether there is anything at all.

I am sure everyone knows that the WannaCry ransomware is rumored to use an exploit called Eternal Blue, allegedly created by the U.S. National Security Agency to attack Microsoft Windows operating systems.

Eternal Blue seems to refer to the dreaded blue screen of death (BSOD), I suspect
sr. member
Activity: 672
Merit: 251
   
What's really making me wonder is if this is a distraction effort. "Look at the bad Bitcoin scandal, don't look at your own government or your trusted brands like Microsoft. Just look at the attackers."
I am sure everyone knows that the WannaCry ransomware is rumored to use an exploit called Eternal Blue, allegedly created by the U.S. National Security Agency to attack Microsoft Windows operating systems. Although a patch had been issued back in March to secure the weakness that allowed the attack to get in, postponed updates or ignored update installation alerts left massive numbers of computers vulnerable and WannaCry malware slithered right in as if an invited guest.

Hmmm...

 
hero member
Activity: 546
Merit: 500
Do people really not back up their files regularly?

No, they don't. Especially in public services, where users call IT for everything because they don't know or don't like to do anything related to computers, even though it is a very stupid thing. So for most of the day IT does less important tasks than it should. As an example, 'local printer has a stuck piece of paper' and so on.
 
Quote
I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

No, most people are too lazy to do a regular backup, say after a month or more. I believe the hackers didn't target whose computers would be infected by the virus.

Quote
Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.

I believe that $300 as a ransom is not a big amount of money for many services or institutions, especially if these are located in Europe or the USA or some rich countries in Asia. I don't know about the rest of the countries in the world.



It's $300 per computer, not per company.
Exactly.  The hackers need to choose the ideal amount of money to steal if they want to keep their operations profitable. 

Clearly the prices they're charging have been considered to be worth just slightly less than the amount of effort it would take to buy a new computer and create new information.  In the cases of whole institutions, it should be worth it as they'll have a lot of sensitive information (like data about patient health in hospitals).

This should get everyone working in IT who had their company's computers infected fired.  It was very easy to avoid by just updating for critical patches.
full member
Activity: 179
Merit: 250
That's funny, they made a global attack in my company.

To be fair you've got to be a bit stupid to actually fall for it...
Added to that, the fact that big companies all have data saves of important files.

Exactly, you are telling me banks and hospitals do not have backups? Then somebody should lose their job.
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?


Port 445 is open by default in Windows. At least, on versions prior to Windows 7 (Windows XP is the last version that I am more or less familiar with). This port is required for Windows local networking (for file and printer sharing), so if it is open and the computer is connected to the Internet, it will be exposed as well. Personally, I think that here we have a case with a backdoor intentionally left by Microsoft, information about which (how to use it) got stolen from an Alphabet agency.

Port 445 may be open in internal networks. It is not open to the internet, at least with a properly set up router/firewall.

Go to grc.com and let it scan your ports. 445 is stealthed on mine. That's with 6 computers behind a router, and Windows firewall on plus whatever firewalls FreeNAS, Ubuntu and the RPi use. And I have file/printer sharing on.
legendary
Activity: 1372
Merit: 1252
What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!

It makes no sense. The amount of bad publicity Microsoft is getting outplays any benefits of a supposed conspiracy inside job to download the latest update. I mean what's the point? And as far as I know WannaCry 2.0 is already out there infecting computers so Microsoft is getting exposed as unsafe software.
sr. member
Activity: 350
Merit: 250
What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!