Pages:
Author

Topic: Monitoring WannaCry hackers' bitcoin addresses in real time - page 7. (Read 22954 times)

legendary
Activity: 1582
Merit: 1019
011110000110110101110010
Addresses are a little over 20 BTC. Never thought they'd see this much money, actually...

Question: Once you pay the ransom, how does the hacker know it was you who paid?

I missed that part. I mean people are sending their BTC to them. How are they tying the payment to the computer?

I was questioning myself exactly this. Maybe the ransomware hás a place to input txid?


Hmm... The ransomware would then need to centrally keep track of which transaction ids have been used.
What is somebody just copies the transaction id once the transaction is broadcast and keys it into the ransomware?


Looking at the image in the Twitter link above, perhaps once you send the required amount, it is automatically decrypted. They actually let you decrypt some files at no cost to prove it works. Nice of the crooks to give you a free sample.

sr. member
Activity: 1400
Merit: 269
You can actually decrypt the zip file of wannacry ransomware
the password is WNcry@2017.

You can thank me for that if get infected by it. Dont give this hackers bitcoin!
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
hi!
Maybe this address is also used.
===
1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY
===

from:
https://twitter.com/malwrhunterteam/status/851687635554848768

Appears so

https://blockchain.info/address/1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY

12 transactions = 3.25249956 BTC as of 01:50 GMT
legendary
Activity: 1918
Merit: 1012
★Nitrogensports.eu★
Addresses are a little over 20 BTC. Never thought they'd see this much money, actually...

Question: Once you pay the ransom, how does the hacker know it was you who paid?

I missed that part. I mean people are sending their BTC to them. How are they tying the payment to the computer?

I was questioning myself exactly this. Maybe the ransomware hás a place to input txid?


Hmm... The ransomware would then need to centrally keep track of which transaction ids have been used.
What is somebody just copies the transaction id once the transaction is broadcast and keys it into the ransomware?
newbie
Activity: 1
Merit: 0
hi!
Maybe this address is also used.
===
1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY
===

from:
https://twitter.com/malwrhunterteam/status/851687635554848768
sr. member
Activity: 350
Merit: 250
Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?
I really do not see any major drop in the price of bitcoin,which charts are you watching. Thought is going for a correction yesterday but the price re bounded pretty soon.I am sure the authorities will be monitoring their moves and if they do something foolish then it is time they go inside bars for a long time. These kind of cheats and extortionist must be brought to the law.
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.

Maybe the market is just looking for a reason or reasons. Like you said people are afraid to jump.

20.95 BTC hardly seems like enough to manipulate the market. Fear could but I don't see the fearful affecting this market because I doubt that many have more than a cursory knowledge of bitcoin.
full member
Activity: 235
Merit: 250
Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.

Maybe the market is just looking for a reason or reasons. Like you said people are afraid to jump.
legendary
Activity: 1218
Merit: 1007
Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.
I've been thinking the same thing since we crossed $1,600. It seems like the market is growing too big for its own good and there's a relatively high chance we're in the middle of a bubble.

I do not believe that the ransomware had that much of an effect on the value of Bitcoin, it likely had a small impact on the value at most.
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
Realtime balance for all WannaCry' wallets here:

https://whitesunset.github.io/wannacrypt_balance/

Good link. Saves me the time copying and pasting.

I am still not buying that there are only 3 addresses though.
full member
Activity: 196
Merit: 100
Realtime balance for all WannaCry' wallets here:

https://whitesunset.github.io/wannacrypt_balance/
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
WannaCry 2.0 is out and, guess what there is no killswitch anymore  Grin

If you wanna protect against such threats, check out https://bitcointalksearch.org/topic/m.18888453
Its impossible to get infected with WannaCry if you follow the whole guide

Was just in to sat the same thing. Crooks read the headlines and fixed their kill switch.
full member
Activity: 235
Merit: 250
Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?
hero member
Activity: 490
Merit: 520
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

Next logical step maybe is to try to talk to this mixing services and to not let them used their services. But I doubt any agency specially UK and USA will do this for the sake of capturing the culprit. Or maybe the mixing services will do their own action, so that they can't used any exchange to convert the bitcoin they stole to fiat. Its like releasing the bitcoin wallet to all exchanges so that it will be blacklisted.
If they put it into an exchange and take it out again there's a decent chance that they're never really going to be ID'd as long as they use means to conceal where they are and other information about themselves. Sending it into an exchange, waiting, then sending it into a mixer, then another, and then doing whatever, might enough to break up their trail but dedicated individuals might keep diving deeper.
legendary
Activity: 1512
Merit: 1012
Addresses are a little over 20 BTC. Never thought they'd see this much money, actually...

Question: Once you pay the ransom, how does the hacker know it was you who paid?

I missed that part. I mean people are sending their BTC to them. How are they tying the payment to the computer?

I was questioning myself exactly this. Maybe the ransomware has a place to input txid?
legendary
Activity: 1400
Merit: 1009
Do people really not back up their files regularly?
No, they're too lazy to do it! i keep most of my files on external hdd and some important files on google drive(automatic sync) and i don't use windows. Wink

why isn't ETH demanded as ransom? leave bitcoin alone.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
Almost $32k received based on the current btc rate.

That's nothing in terms of impact on Bitcoin price
I'd say that's a fair amount of money for making an encrypting trojan. It paid well for the time they spent making it, especially well since they left an easy to find way to shut it all down. Also I don't think the price decreased purely because of this hack. It didn't target the Bitcoin network, so there was no reason to panic and the price was peaking for days. People were waiting to take their profits.

Well, we don't know that for sure

Maybe, they didn't pay anything at all and just stole the code from the Alphabet agency (maybe, it was one of their employees or something to that tune). We don't know either if they will be caught but if they do get caught eventually, no amount of profit will be worth it unless they get off cheaply while extorting literally millions of dollars (like Cryptsy scammers did). Regarding Bitcoin prices, I'm never tired to repeat that with higher price we should expect higher volatility, even in relative terms, so the price swings of 200 dollars shouldn't surprise anyone any more. My best bet is for 1,200 dollars as a new support level and 2,000 dollars as a new resistance level
hero member
Activity: 910
Merit: 502
For a global attack they have not collected a lot of bitcoin yet. Results as of 16:00 GMT

Address 1: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

live link: https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

31 transactions = 4.65255659 BTC



Address 2: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

live link: https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

27 transactions = 3.10004389 BTC



Wallet 3: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

live link: https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

36 transactions = 6.53259945 BTC



~ 14.28 BTC x $1735.35 per BTC = $24,781 ransom paid thus far.



Add more addresses as you find them.

As compare to a massive world wide attack, the amount collected so far is not as much as it should be.  I also wonder if the people after paying the ransom, were there computer back to normal or still they remain affected by virus ?
The virus made the files encrypted and then it will decrypted once you pay $300 as a ransom. 
To help reducing further spreading of the ransomware possible measurement should be taken to avoid opening unknown emails and especially the one related to invoice.
sr. member
Activity: 434
Merit: 251
physics, mathematics and engineering
WannaCry 2.0 is out and, guess what there is no killswitch anymore  Grin

If you wanna protect against such threats, check out https://bitcointalksearch.org/topic/m.18888453
Its impossible to get infected with WannaCry if you follow the whole guide
Pages:
Jump to: