
Topic: Monitoring WannaCry hackers' bitcoin addresses in real time - page 8. (Read 22954 times)

hero member
Activity: 2184
Merit: 531
Almost $32k received based on the current btc rate.

That's nothing in terms of impact on Bitcoin price
I'd say that's a fair amount of money for making an encrypting trojan. It paid well for the time they spent making it, especially well since they left an easy to find way to shut it all down. Also I don't think the price decreased purely because of this hack. It didn't target the Bitcoin network, so there was no reason to panic and the price was peaking for days. People were waiting to take their profits.
legendary
Activity: 3514
Merit: 1280
Do you really think that those big companies that are affected by the virus will be paying bitcoins to decrypt their infected files? I think they just get a specialist to remove the ransomware, but I am not sure if that is even possible with this big infection from last week.

If the files are encrypted, that will be next to impossible (as others have said already)

Regarding big companies paying the ransom, it doesn't depend as much on the size of the company as on the importance of the files encrypted, though it would be strange for a big company not to regularly back up their important data. As the saying goes, there are two kinds of people, those who create backups and those who don't yet. Apart from that, how many big names have really been affected by this piece of ransomware?

Almost $32k received based on the current btc rate.

That's nothing in terms of impact on Bitcoin price
legendary
Activity: 1414
Merit: 1001
This is one very bad crime. They are washing the data and then forcing it to do a transaction with bitcoin.
This can make bitcoin less trustworthy. Just imagine they use bitcoin for crime.
hero member
Activity: 2702
Merit: 704
Bitcoin is GOD
Do people really not back up their files regularly?

I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.
No, people never back up their files, and a lot of businesses don't do it either. They should do it but they don't. I'm not an expert on computers by any means, but sometimes friends ask me to fix their computers and that is one of the first questions I ask, and the answer is always no.
full member
Activity: 320
Merit: 101
Almost $32k received based on the current btc rate.
sr. member
Activity: 1078
Merit: 256
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

The next logical step maybe is to try to talk to these mixing services and to not let them use their services. But I doubt any agency, especially in the UK and USA, will do this for the sake of capturing the culprit. Or maybe the mixing services will take their own action, so that they can't use any exchange to convert the bitcoin they stole to fiat. It's like releasing the bitcoin wallet to all exchanges so that it will be blacklisted.
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
For a global attack they have not collected a lot of bitcoin yet. Results as of 16:00 GMT

Address 1: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

live link: https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

31 transactions = 4.65255659 BTC



Address 2: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

live link: https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

27 transactions = 3.10004389 BTC



Wallet 3: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

live link: https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

36 transactions = 6.53259945 BTC



~ 14.28 BTC x $1735.35 per BTC = $24,781 ransom paid thus far.



Add more addresses as you find them.


UPDATE: 02:15 GMT

Address 1: 39 transactions = 6.97303882 BTC
Address 2: 30 transactions = 3.64134512 BTC
Address 3: 35 transactions = 5.00218759 BTC

EDIT: How could an address grow in transactions and shrink in total BTC when no withdrawals have taken place? (see address #3)

UPDATE: May 14, 2017 12:25 GMT

Address 1: 47 transactions = 8.4448838 BTC
Address 2: 35 transactions = 4.0009201 BTC
Address 3: 42 transactions = 5.83614653 BTC
legendary
Activity: 1878
Merit: 1038
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...
Do you really think that those big companies that are affected by the virus will be paying bitcoins to decrypt their infected files? I think they just get a specialist to remove the ransomware, but I am not sure if that is even possible with this big infection from last week.

Big companies have insurance for events like this that will probably pay this for them...
hero member
Activity: 546
Merit: 500
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

The simplest way is using a real anon cryptocurrency, not bitcoin, which is not anonymous. The best thing that can be found is Monero (XMR), and they most probably will use that in their route: convert to Monero > reach anonymity > convert to fiat. And eventually they will switch to asking for that coin in the first place.
It's quite a bit harder to exchange fiat for Monero.  People would have to go through Bitcoin themselves before they buy Monero and it would be a lot of inconvenience on top of the cost of the ransom which might give them an incentive not to pay it.

The thieves, however, can just take the Bitcoin through mixers into Shapeshift and take Monero out, then start exchanging that back into fiat.  As I recall there are services that accept Monero and then pay Bitcoin addresses with the value of the Monero you sent them, so they could connect to a LocalBitcoins user or something that way.

It shouldn't be hard to exploit Monero's anonymity for it.
hero member
Activity: 490
Merit: 501
Do people really not back up their files regularly? I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that. Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.

This and many other lessons of this recent attack should be shared to all people and firms who can be subjected to the same thing later. This is now a new form of terrorism and on the side of the hackers/programmers can be a good source of money via Bitcoin. I am sure this will not be the last and in fact can be inducing more attacks in varying degrees and forms in the coming months and years. We should be careful and maybe NSA should be spending more time, focus and resources on this one.
legendary
Activity: 3668
Merit: 6382
Are you sure address 3 had 6.5235 btc in it at that time? I am seeing only 5.50119801 in it at this time. 🙃

Maybe some transactions got double spent / dropped?
Although who the heck would pay ransomware from the start when they know to double spend?!
jr. member
Activity: 59
Merit: 10
For a global attack they have not collected a lot of bitcoin yet. Results as of 16:00 GMT

Address 1: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

live link: https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

31 transactions = 4.65255659 BTC



Address 2: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

live link: https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

27 transactions = 3.10004389 BTC



Wallet 3: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

live link: https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

36 transactions = 6.53259945 BTC



~ 14.28 BTC x $1735.35 per BTC = $24,781 ransom paid thus far.



Add more addresses as you find them.


UPDATE: 02:15 GMT

Address 1: 39 transactions = 6.97303882 BTC
Address 2: 30 transactions = 3.64134512 BTC
Address 3: 35 transactions = 5.00218759 BTC

EDIT: How could an address grow in transactions and shrink in total BTC when no withdrawals have taken place? (see address #3)

   Are you sure address 3 had 6.5235 btc in it at that time? I am seeing only 5.50119801 in it at this time. 🙃
legendary
Activity: 1946
Merit: 1137
to OP:
you don't need to update the balance each time it receives a transaction, there are so many cool tools for it :)

use this one:
Code:
[img]http://btc-priceimg.herokuapp.com/balance/
/[/img]
replace
with address and (html-like hex code) is not needed but is an option to change the color of the text.
ref: https://btc-priceimg.herokuapp.com/

example:

hero member
Activity: 770
Merit: 500
Bazinga!
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

The simplest way is using a real anon cryptocurrency, not bitcoin, which is not anonymous. The best thing that can be found is Monero (XMR), and they most probably will use that in their route: convert to Monero > reach anonymity > convert to fiat. And eventually they will switch to asking for that coin in the first place.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

Would say they mix the coins a few times before they move the coins to an exchange to convert them into alt-coins or cash then repeat the cycle and so that no one can follow the route.
Either that or sell them to someone in person/generate new wallet keys before mixing them.
That or buy gift cards
legendary
Activity: 2604
Merit: 1036
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.
full member
Activity: 126
Merit: 100
To get anything will be done in various ways for the sake of individual pleasure .. that's the brightness that does not care about each other ..
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
Question: Once you pay the ransom, how does the hacker know it was you who paid?

I missed that part. I mean people are sending their BTC to them. How are they tying the payment to the computer?
legendary
Activity: 3276
Merit: 1029
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...
Do you really think that those big companies that are affected by the virus will be paying bitcoins to decrypt their infected files? I think they just get a specialist to remove the ransomware, but I am not sure if that is even possible with this big infection from last week.
Ransomware, honestly, is so easy to remove. There is a lot of software that can remove ransomware. From experiencing this virus before on many laptops and computers, when I was repairing those computers I noticed that they are just hiding the files, and only the created copies of your files are in the same folder, which you can only see if you turn off "hide system files".
Kaspersky is one of the tools that can recover your files from ransomware. This link may help you to recover all of your files from ransomware:
https://noransom.kaspersky.com/
There are many different ransomware, so you can test them all to clean the affected computer.

The other thing to clean your computer is advanced Hiren's, not a free one. I think the Hiren's that I have used for repairing for many years is, I think, Hiren's restored edition Proteus. This is not recommended for beginners. You can find this tool on piratebay.
Are you sure? At this time I was assuming that WannaCry is a new ransom and it's not registered in the database.
The ransom must be registered in the database and the software can identify the kind of ransom and try to recover the computer. I can't get your point, but it seems impossible right now, because WannaCry was made on 14 April and it's a new ransom.
legendary
Activity: 2660
Merit: 1074
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?