You can read a more detailed analysis of the attack and which countries were most affected here. It's from the anti-virus company Kaspersky:
https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
Topic: Russians and Koreans are the biggest payers to the global ransomware hackers (Read 490 times)
May 14, 2017, 04:39:56 AM
May 14, 2017, 04:09:52 AM
BTW, if people want to watch the bitcoin addresses, here they are (from the following article):
https://qz.com/982993/watch-as-these-bitcoin-wallets-receive-ransomware-payments-from-the-ongoing-cyberattack/
Wallet 1 (12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw)
Wallet 2 (13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94)
Wallet 3 (115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn)
The addresses were hard-coded into the malware, and the following article discovered them:
https://www.redsocks.eu/news/ransomware-wannacry/
There might be other addresses in other versions of the virus
https://qz.com/982993/watch-as-these-bitcoin-wallets-receive-ransomware-payments-from-the-ongoing-cyberattack/
Wallet 1 (12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw)
Wallet 2 (13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94)
Wallet 3 (115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn)
The addresses were hard-coded into the malware, and the following article discovered them:
https://www.redsocks.eu/news/ransomware-wannacry/
There might be other addresses in other versions of the virus
May 14, 2017, 04:02:12 AM
This/These hacker(s) are expert in the field and I doubt they will be caught. Has the bitfinex hacker been caught? They know what to do to mix and laundry their bitcoins, and they can do that many years down the road when everyone has already forgotten the hack.
May 14, 2017, 03:58:05 AM
I am eagerly looking at how these hackers will move this bitcoin out of this three addresses and will government be able to track them down or not. If this hackers use mixing services like bitmixer, will this services will halt the mixing or will they provide bitcoin address where those bitcoin ends up to investigators if requested?
Yes. I think they made a mistake by doing such a big hack - now everyone is looking at them, and as people have pointed out, bitcoin is very easy to track, so all journalists are looking at it (and the security people as well).
They would have been better off just doing small hacks under the radar. People's greed always gets them in the end.
May 14, 2017, 03:44:14 AM
That's BS.
So a guy bought 40 on Huobi then 40 and Paxful and he ended up short of 2$ and went to...."Silk Road Marketplace" ?
Lol
Chainalysis wanted some publicity but with this kind o work they are just making themselves look silly.
No, it means that Russians use the most pirated copies of win that haven't received the updates from March.
In the west there is the nightmare bureaucracy of making any changes to a network ,in the east... is lack of funds.
So a guy bought 40 on Huobi then 40 and Paxful and he ended up short of 2$ and went to...."Silk Road Marketplace" ?
Lol
Chainalysis wanted some publicity but with this kind o work they are just making themselves look silly.
But, that also means russian/korean don't have much knowledge about how to backup/secure their data.
No, it means that Russians use the most pirated copies of win that haven't received the updates from March.
In the west there is the nightmare bureaucracy of making any changes to a network ,in the east... is lack of funds.
May 14, 2017, 03:36:05 AM
I am eagerly looking at how these hackers will move this bitcoin out of this three addresses and will government be able to track them down or not. If this hackers use mixing services like bitmixer, will this services will halt the mixing or will they provide bitcoin address where those bitcoin ends up to investigators if requested?
May 14, 2017, 03:28:11 AM
It really doesn't matter where people bought their coins from. Frankly, it's okay for people to be paying the hackers if they don't have a decent backup or a way of getting out. If ransomware didn't actually decrypt the files after being paid, no one would pay the ransom, so in some cases people have to.
I mean what does this article prove? Not a lot, really.
I mean what does this article prove? Not a lot, really.
May 14, 2017, 03:10:45 AM
There is really no real anonymity in Bitcoin. Now, having said that, I am then praying that soon there would a clear protocol when incident like this can happen in the future so that we can discourage ransomware from spreading and prying on their victims. When hackers can sense that what they are doing is lucrative there would be more and more hackers/programmers to do it. Our governmental and private security groups should be two steps ahead.
May 14, 2017, 02:57:41 AM
https://qz.com/983186/global-hacking-attack-has-russia-and-korea-paying-out-bitcoin/
They traced the coins back to the exchanges where the victims bought their bitcoins too. Btc-e tops the list, but pretty much all the exchanges are listed.
Quote
Users with infected computers in Russia and South Korea are so far the two biggest ransom payers to the hackers who mounted a global ransomware attack, called “Wannacry,” yesterday, according to new data from Chainalysis, a provider of software that works with banks, law enforcement agencies, and bitcoin companies to analyze the blockchain for financial crimes.
All bitcoin transactions are permanently recorded on the blockchain, and anyone can view them. Chainalysis crunches these transactions and assigns them to clusters of “entities,” which could be bitcoin exchanges, wallet providers, or bitcoin miners. The firm found that the hackers, who ask for ransom to be sent to three bitcoin addresses, had received a total of nearly $23,000 so far in dollar terms, converted at the point the transaction was made.
The two entities that sent the most money to the hackers were bitcoin exchanges serving the Russian and Korean markets. “If you look at the infection rates, a lot of it is in Russia, so [the data] is complementing that,” says Jonathan Levin, a Chainalysis co-founder. “Given that we know the infections are also in Russia, I would say, it’s Russian users.”
All bitcoin transactions are permanently recorded on the blockchain, and anyone can view them. Chainalysis crunches these transactions and assigns them to clusters of “entities,” which could be bitcoin exchanges, wallet providers, or bitcoin miners. The firm found that the hackers, who ask for ransom to be sent to three bitcoin addresses, had received a total of nearly $23,000 so far in dollar terms, converted at the point the transaction was made.
The two entities that sent the most money to the hackers were bitcoin exchanges serving the Russian and Korean markets. “If you look at the infection rates, a lot of it is in Russia, so [the data] is complementing that,” says Jonathan Levin, a Chainalysis co-founder. “Given that we know the infections are also in Russia, I would say, it’s Russian users.”
They traced the coins back to the exchanges where the victims bought their bitcoins too. Btc-e tops the list, but pretty much all the exchanges are listed.
Jump to: