Topic: Ransomware Cerber Decryptor - Follow the coins (Read 1822 times)

legendary
Activity: 1708
Merit: 1036
Coindesk has an article today that may be very relevant for the OP:

http://www.coindesk.com/anthony-murgios-lawyer-argues-for-change-of-law-during-regulatory-panel/
legendary
Activity: 2786
Merit: 1031
I've recently examined a machine that got hit with Cerber Ransomware and was able to successfully retrieve a lot of files with data recovery software.


If you're lucky the files you need may still be intact.
legendary
Activity: 3542
Merit: 1965
These are negative publications of bitcoin, a disgrace to the bitcoin community. I hope people stop feeding them.

The media just highlights these events because it has something to do with Bitcoin. Before Bitcoin these people used wire transfers and other payment methods and it hardly made the news. Also be aware that people can post any address on the internet and claim it has had something to do with crime. If they do not post evidence showing that the criminal asked for funds being sent to that address, it is still just a normal Bitcoin address.

If this is a real address linked to Ransomware, it would serve no purpose. These people push those coins through anonymous mixer services and you will not be able to follow it. In some countries you might be able to subpoena these services to give up the information, but the chances of success are very slim.
sr. member
Activity: 552
Merit: 250
These are negative publications of bitcoin, a disgrace to the bitcoin community. I hope people stop feeding them.
legendary
Activity: 1382
Merit: 1122
I know a small business owner that didn't pay the ransom. The hackers only gave them 48h to send 1BTC which at the time was worth about $300CAD. They didn't send any for 2 reasons: they didn't have any Bitcoins / couldn't get any and they had heard from others that had paid that their files were never released anyways. Hopefully these people slip up at some point.
legendary
Activity: 2674
Merit: 1083
It's not really possible to get your coins back. Those are pros. They know how to vanish with the coins without traces.

You can't prove anything when they are moved some steps.
sr. member
Activity: 350
Merit: 251
Shit, did I leave the stove on?
That is really bad and I don't condone online extortions but I think the police won't catch these criminals because $600 is too small of a sum for them to initiate any serious investigation. Maybe if some Bitcoin vigilantes help you track the transaction back to the criminals you could possibly locate their whereabouts but this is a really difficult task to do.
legendary
Activity: 1512
Merit: 1012
Beware if you receive coins that originate from this address as they are from a criminal activity.

People who might receive funds originating from this address might have no relation to these criminals and what they do... We all eventually have coins originating from less legal activities, like we have fiat coins and bills originating from non-legit activity.

It would also be interesting to submit files related to these viruses to antivirus companies, if they can be found among decryption warnings... (not sure if this variant is reversed yet)
legendary
Activity: 2604
Merit: 1036
Perhaps you can report the ransomware incident to Blockchain crime experts like Elliptic but if the theft was really for just $600 I don't think it will be worth it because whoever is going to investigate this will ask for more money than that in fees probably. The business owners should still report it to the police though even if it was an extortion for a small amount of money.
legendary
Activity: 3472
Merit: 4801
A local small business was infected with the ransomware, Cerber Decryptor.  I sent the coins for them
- snip -

Have you reported this to authorities?
- snip -
I have not as I was not the victim of the crime.
- snip -

If you happen to be in the U.S., you may want to be aware that others have been arrested for supplying bitcoins for ransomware payment and failing to file a Suspicious Activity Report (SAR) with the Financial Crimes Enforcement Network (FinCEN).
legendary
Activity: 2282
Merit: 1023
The coins have been moved to another address

I just we all need to backup our important data/files in case we accidentally got hit by these ransomwares...
sr. member
Activity: 409
Merit: 251
Crypt'n Since 2011
Have you reported this to authorities? I'm not familiar with any specifics, but hopefully there is somebody out there - either law enforcement or white hat hackers - who is compiling and maintaining a list of addresses like this to be monitored on an ongoing basis. I'd suggest looking into that.

I have not as I was not the victim of the crime.  I suggested that the small business report it to authorities, but I doubt local law enforcement will be able to do much about it.  They may pass it along to the fed, but a $600 crime will probably not land high on their radar.

I will check to see if anyone is compiling a list of transactions involved in ransomware crime.

Thanks
legendary
Activity: 1708
Merit: 1036
Have you reported this to authorities? I'm not familiar with any specifics, but hopefully there is somebody out there - either law enforcement or white hat hackers - who is compiling and maintaining a list of addresses like this to be monitored on an ongoing basis. I'd suggest looking into that.
sr. member
Activity: 409
Merit: 251
Crypt'n Since 2011
A local small business was infected with the ransomware, Cerber Decryptor.  I sent the coins for them and they were able to decrypt their files.  The address the coins were sent to was 14rKSWF7qQquUWHfmEHzCod71jB4SsVS6B

Beware if you receive coins that originate from this address as they are from a criminal activity.  If anyone can eventually identify these people or person, please turn them in to authorities.

Thanks