Slashdot Mirror


WanaDecrypt0r Ransomware Earns Just $26,000 In Ransom Payments (krebsonsecurity.com)

An anonymous reader quotes Krebs On Security: As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what's being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam...

It's worth noting that the ransom note Wana popped up on victim screens (see screenshot above) included a "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters... I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward.

1 of 222 comments

  1. 50 Years later we'll learn the NSA was behind this by itwasgreektome · Score: 4, Interesting

    I think history is gonna show us that we were responsible for the Wana attack. It didn't cross my mind until I heard on NPR that Russia was the country that suffered from the attack the most, even getting into government computers. The Shadow Brokers released this trove of hacking tools a little while ago. This meant the door on using this exploit was going to start closing slowly. We also knew that hackers would take advantage of this exploit. So why wouldn't the US Govt, under the guise of a random hacker, use this exploit to garner as much info as possible on Russia while it was still possible? Remember that Obama told Russia that we would get them back, at the time and date of our choosing. And this would explain why the built-in shutdown was hidden in the code. I wouldn't be surprised if that 20-something-year-old security researcher wasn't tipped off to register that domain name once we'd gotten access to some of Russia's infrastructure, to mitigate collateral damage to the innocent bystanders. That would explain why they "only" got $26k; if their M.O. was to make money, there would have been zero reason to include a kill switch in the code.