
Topic: Monitoring WannaCry hackers' bitcoin addresses in real time - page 5. (Read 22954 times)

legendary
Activity: 1372
Merit: 1252
How do you even know those addresses? Also, aren't like 200,000 computers infected already? In my evil mind, if I was a smart hacker, I would use a different address per computer.

I would do the same. But for some reason the hackers seem to use only a handful of Bitcoin addresses.
Maybe they don't even care who pays and who doesn't (did you hear of successful data recovery after this ransomware, after paying the price?). Or maybe they don't know enough about Bitcoin?


My take is that they don't care if the hacked bitcoins get easily detected by curious people (basically the entire bitcoin community is monitoring how this evolves, so I'm sure they knew they would get traced carefully by community members).

Even if they used thousands of addresses, that would be just more of a headache when trying to mix them.

All these criminals have to do once they've got all the money they wanted is to send it all to some mixing site over Tor and that's it, you lose track of it all, and that's where unfortunately all the people that got infected will never see their money back.

But let this be a useful lesson for people to take their jobs more seriously.
hero member
Activity: 1792
Merit: 574
For a global attack they have not collected a lot of bitcoin yet. Results as of 16:00 GMT

Address 1: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

live link: https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

31 transactions = 4.65255659 BTC



Address 2: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

live link: https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

27 transactions = 3.10004389 BTC



Wallet 3: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

live link: https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

36 transactions = 6.53259945 BTC



~ 14.28 BTC x $1735.35 per BTC = $24,781 ransom paid thus far.



Add more addresses as you find them.
In the presence of this, there will be many positive and negative impacts on bitcoin. We can only hope for the best lol
legendary
Activity: 3668
Merit: 6382
How do you even know those addresses? Also, aren't like 200,000 computers infected already? In my evil mind, if I was a smart hacker, I would use a different address per computer.

I would do the same. But for some reason the hackers seem to use only a handful of Bitcoin addresses.
Maybe they don't even care who pays and who doesn't (did you hear of successful data recovery after this ransomware, after paying the price?). Or maybe they don't know enough about Bitcoin?
legendary
Activity: 3458
Merit: 1280
How do you even know those addresses? Also, aren't like 200,000 computers infected already? In my evil mind, if I was a smart hacker, I would use a different address per computer. I'm not sure how this works, but if this is the case, then there's 200,000 addresses you would need to keep track of, which is nuts.

It's in any case surprising that companies are storing important info on Windows machines... what a bunch of idiots

Let's hope that at least some of them will learn the lesson

And finally switch to using a decent operating system with no backdoors and no ports open by default. Regarding 200k addresses, the virus is obviously calculating some checksum which the victim should then send to the hacker (otherwise it would be impossible to generate the key to decrypt the files), so the process can be easily automated via a database and a simple script linking together a Bitcoin address and a checksum provided.
legendary
Activity: 1204
Merit: 1028
How do you even know those addresses? Also, aren't like 200,000 computers infected already? In my evil mind, if I was a smart hacker, I would use a different address per computer. I'm not sure how this works, but if this is the case, then there's 200,000 addresses you would need to keep track of, which is nuts.

It's in any case surprising that companies are storing important info on Windows machines... what a bunch of idiots.
sr. member
Activity: 392
Merit: 250
It's $300 per computer, not per company.

Yeah, and as it's supposed to spread in the whole company it can go reaaaaaaaally fast Grin
legendary
Activity: 2954
Merit: 1155
Wonder where they will sell their coins, some big exchanger must verify ID, right? Even in my country some fiat exchangers ask users to verify their ID and must take a selfie to make sure it is a real person

They will mix their coins 2-3 times, exchange to ltc or other coin on an exchange that doesn't require ID for crypto withdrawals, change them back into btc on another and then coin by coin on localbitcoins to fiat.

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

All the exchanges that I have seen so far (even exchanges like btc-e that are too flexible and anonymous themselves) have a line in their terms of service that says if any law enforcement asks them, they will give your information to them (full cooperation), and in case of such a big scam like this, I am sure a lot of agencies are watching where the coins are going to go and will find them if they use an exchange.

Yeah and what info will they give? The addresses of those altcoins?
Then they will have to check again where those altcoins went? By the time they finally get a bit closer to their target they will stumble on a shady exchange that is already gone Wink)).

Trust me, those guys will not get caught because of the bitcoin trail they leave behind.
And that is a good thing.
Otherwise the so called anonymity of btc would be considered a joke.





Maybe only an email address and some IPs that they use to log in, because I have one experience of asking an exchanger legally when I got a problem with my acc: they only give the login IP and not much information
legendary
Activity: 3458
Merit: 1280
In the beginning internet is not a safe place for everyone. Click, download, register etc. at your own risk. Grin

It has been revealed that this did not spread by clicking on any links.

See this link https://www.wsj.com/articles/cybersecurity-experts-first-task-find-out-how-virus-spread-1494868250

From the article:

Quote
Investigators have already ruled out phishing—tricking someone into opening a seemingly legitimate email attachment that actually contains the virus—as a possible tactic. One of their hypotheses centers on something called port 445, an outlet that isn’t supposed to be connected to the internet.

Port 445 is open by default in Windows. At least, on versions prior to Windows 7 (Windows XP is the last version that I am more or less familiar with). This port is required for Windows local networking (for file and printer sharing), so if it is open and the computer is connected to the Internet, it will be exposed as well. Personally, I think that here we have a case with a backdoor intentionally left by Microsoft, information about which (how to use it) got stolen from an Alphabet agency

Chickens always come home to roost
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
Do people really not back up their files regularly?

No, they don't. Especially in public services where users call IT for everything because they don't know or don't like to do anything related to computers, even though it is a very stupid thing. So for most of the day IT does less important tasks than it has to do. As an example, 'local printer has a stuck piece of paper' and so on.

Quote
I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so. Institutions should back up their files much more regularly than that.

No, most people are too lazy to do a regular backup, say after a month or more. I believe the hackers didn't target whose computer would be infected by the virus.

Quote
Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom. If it was $20 instead, I would probably pay it anyway, but there's really no point.

I believe that $300 as a ransom is not a big amount of money for many services or institutions, especially if these are located in Europe or USA or some rich countries in Asia. I don't know about the rest of the countries in the world.



It's $300 per computer, not per company.
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
In the beginning internet is not a safe place for everyone. Click, download, register etc. at your own risk. Grin

It has been revealed that this did not spread by clicking on any links.

See this link https://www.wsj.com/articles/cybersecurity-experts-first-task-find-out-how-virus-spread-1494868250

From the article:

Quote
Investigators have already ruled out phishing—tricking someone into opening a seemingly legitimate email attachment that actually contains the virus—as a possible tactic. One of their hypotheses centers on something called port 445, an outlet that isn’t supposed to be connected to the internet.
hero member
Activity: 2702
Merit: 704
Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.
But since bubbles are created with the optimism of the people, this hack without a doubt has an impact since once again people see this as a way for criminals to use bitcoin without anything being done, so I think this was a factor that stopped confidence and created the environment in which the price of bitcoin could go down once again.
full member
Activity: 235
Merit: 250
Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.

Maybe the market is just looking for a reason or reasons. Like you said people are afraid to jump.

20.95 BTC hardly seems like enough to manipulate the market. Fear could but I don't see the fearful affecting this market because I doubt that many have more than a cursory knowledge of bitcoin.

The ones without knowledge would be the ones that would dump over something relevant as this. maybe.
legendary
Activity: 3458
Merit: 1280
Do people really not back up their files regularly?

No, they don't. Especially in public services where users call IT for everything because they don't know or don't like to do anything related to computers, even though it is a very stupid thing. So for most of the day IT does less important tasks than it has to do. As an example, 'local printer has a stuck piece of paper' and so on.

That depends on the public service.

The one that I once was hired by as a "contractor" of sorts had strict policies in this regard. They had some enterprise-level document management system in place (something like Lotus Domino at the time) and also had a guy specifically appointed to manage that system. I guess it was one of his duties to back up all documents that entered the system. Indeed, small hospitals and minor public services are as irresponsible in this regard as it could ever get.
sr. member
Activity: 392
Merit: 250
That's funny, they made a global attack in my company.

To be fair you've got to be a bit stupid to actually fall for it...
Added to that the fact that big companies all have data save of important files.
legendary
Activity: 2912
Merit: 6403
Wonder where they will sell their coins, some big exchanger must verify ID, right? Even in my country some fiat exchangers ask users to verify their ID and must take a selfie to make sure it is a real person

They will mix their coins 2-3 times, exchange to ltc or other coin on an exchange that doesn't require ID for crypto withdrawals, change them back into btc on another and then coin by coin on localbitcoins to fiat.

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

All the exchanges that I have seen so far (even exchanges like btc-e that are too flexible and anonymous themselves) have a line in their terms of service that says if any law enforcement asks them, they will give your information to them (full cooperation), and in case of such a big scam like this, I am sure a lot of agencies are watching where the coins are going to go and will find them if they use an exchange.

Yeah and what info will they give? The addresses of those altcoins?
Then they will have to check again where those altcoins went? By the time they finally get a bit closer to their target they will stumble on a shady exchange that is already gone Wink)).

Trust me, those guys will not get caught because of the bitcoin trail they leave behind.
And that is a good thing.
Otherwise the so called anonymity of btc would be considered a joke.




sr. member
Activity: 406
Merit: 252
Veni, Vidi, Vici
Do people really not back up their files regularly?

No, they don't. Especially in public services where users call IT for everything because they don't know or don't like to do anything related to computers, even though it is a very stupid thing. So for most of the day IT does less important tasks than it has to do. As an example, 'local printer has a stuck piece of paper' and so on.

Quote
I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so. Institutions should back up their files much more regularly than that.

No, most people are too lazy to do a regular backup, say after a month or more. I believe the hackers didn't target whose computer would be infected by the virus.

Quote
Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom. If it was $20 instead, I would probably pay it anyway, but there's really no point.

I believe that $300 as a ransom is not a big amount of money for many services or institutions, especially if these are located in Europe or USA or some rich countries in Asia. I don't know about the rest of the countries in the world.
legendary
Activity: 1596
Merit: 1011
The ransomware seems to be dominating its victims and they are already getting a lot of bitcoins from the ransom for encrypted files. If this kind of problem continues then we should be in a panic, because the risk for the other bitcoin users is the price of bitcoin that can go down, and we could lose a lot of money if it ever happens.
This is really a worrying thing. Already a lot of users are affected by this virus. I think even if each of the victims paid then this will make the perpetrators of this crime excited. They think that their work has been successful.
hero member
Activity: 714
Merit: 501
Wonder where they will sell their coins, some big exchanger must verify ID, right? Even in my country some fiat exchangers ask users to verify their ID and must take a selfie to make sure it is a real person

They will mix their coins 2-3 times, exchange to ltc or other coin on an exchange that doesn't require ID for crypto withdrawals, change them back into btc on another and then coin by coin on localbitcoins to fiat.

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

All the exchanges that I have seen so far (even exchanges like btc-e that are too flexible and anonymous themselves) have a line in their terms of service that says if any law enforcement asks them, they will give your information to them (full cooperation), and in case of such a big scam like this, I am sure a lot of agencies are watching where the coins are going to go and will find them if they use an exchange.
legendary
Activity: 1652
Merit: 1088
Wonder where they will sell their coins, some big exchanger must verify ID, right? Even in my country some fiat exchangers ask users to verify their ID and must take a selfie to make sure it is a real person

If they're smart they'll just sit on them for a decade or so, until most of the mixing services don't have their address on a blacklist. At that point, they'll sell.
legendary
Activity: 2912
Merit: 6403
Wonder where they will sell their coins, some big exchanger must verify ID, right? Even in my country some fiat exchangers ask users to verify their ID and must take a selfie to make sure it is a real person

They will mix their coins 2-3 times, exchange to ltc or other coin on an exchange that doesn't require ID for crypto withdrawals, change them back into btc on another and then coin by coin on localbitcoins to fiat.

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250