WanaDecrypt0r Ransomware Earns Just $26,000 In Ransom Payments

An anonymous reader quotes Krebs On Security: As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what's being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam...

It's worth noting that the ransom note Wana popped up on victim screens (see screenshot above) included a "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters... I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward.

Good.

[CRC'99]

Hopefully if it becomes the norm that people don't make any money from these things, it won't be worth the effort to do....

Re: Good.

[Entrope]

Has that stopped bank robbers?

Criminals are not known for having the world's best impulse control or understanding of expected itchiness.

Re:Good.

[jellomizer]

I agree. Being that there are so many randomware attacts which even after you pay you don't get your data back. It really doesn't make any sence to pay it. And either you restore or just consider your data loss.
The problem with criminal money making, is that there will be someone willing to mess up your "business plan" with no legal recourse. What is this guy going to do sue the malware makers who don't decrypt people's data after paying for it?

Re: Good.

[CRC'99]

Its not the average thief putting something together like this.... What this has proven is that the reward for getting on the WANTED list on just about every country in the world is somewhat small.

Re: Good.

[jellomizer]

Bank robbers are not in it to make a load of money unless they are planning to break the vault. Normally they are just trying to get some cash to pay for drugs or a loan shark.
But compared to deploying a wide scale attack, a normal bank robbery doesn't require a lot of planning, unlike the a technical attack where there is days of planning.

Re: Good.

Who said they had to convert it to cash?

Re:Good.

[geekmux]

Hopefully if it becomes the norm that people don't make any money from these things, it won't be worth the effort to do....

I highly doubt it. Sadly, people do this kind of malicious shit just for the fun of it.

Before the concept of anonymous e-cash and ransomware came along, they often did.

Re:Good.

[Rockoon]

There were even books written... basically tutorials... on how to write a virus, with examples, long before there was any financial incentive to write one.

Re: Good.

[JaredOfEuropa]

Seems like it has. Bank robbery in the form of "hands up and fill up these bags" has become extremely rare here. The more sophisticated criminals break in at night and hit the safety deposit boxes instead, or they hit armored car companies. At the lower end you have the guys who hit ATMs, which have been protected to the point where the criminals use heavy explosives to get at the safe. Causing an awful lot of collateral damage, I might add.

Re:Good.

[chill]

In most cases the financial damage is too small to expend the resources. When the attack is in one jurisdiction, like Europe, with suspected perpetrators out of Russia and Iran, and the BTC account then has funds transferred to Kazakhstan banks and Philippine casinos...

Just think of the work needed to get all those jurisdictions to cooperate, much less allocate resources, etc. Assuming the cooperate at all.

Add to that funds can be transferred and withdrawn in literally minutes, and you have a real problem.

The hack on the Pakistani bank where their SWIFT credentials were compromised and they lost ~$84 million USD saw the majority of the funds transferred to casino accounts in the Philippines. Have a mule waiting to withdraw in chips and deliver a bag full of chips to a waiting recipient, who cashes out and flees to, say, North Korea or anywhere who just doesn't want to cooperate.

The mule gets $1,000 in cash -- more than he's ever seen at one time in his life. If he gets caught, he was just hired anonymously to make a delivery, so has no info and gets off light, if prosecuted at all.

You put the effort in for $84 million USD, but $26,000? Screw that. If they didn't hit so many targets this would be filed away and forgotten.

Western Union, MoneyGram (currently the target of a bidding war for acquisition), casino accounts, or even regular banks just split into dozens, if not hundreds of accounts that can be accessed anywhere in the world by an ATM card, and you have what is really a low risk, high profit criminal enterprise.

Re:Good.

[vtcodger]

It appears these guys (Is that sexist?) have mispriced their product. They have several options:

1. Increase their rates in hopes of generating more revenue from the same number of clients

2. Decrease their rates in hopes of generating more revenue from many more clients

3. Increase the number of computers they infect (i.e. broaden their customer base)

4. Improve their targeting in order to do a better job of reaching clients who will pay up.

They clearly need help from Ivy League MBAs

Re: Good.

[gweihir]

Bank robbers are the most stupid of the stupid, because everyone at least a little bit smart knows that a) they get little money out of it and b) basically all get caught.

So yes, for most practical purposes it has eliminated the threat from bank-robbers. They are a nuisance today at best and all of them are morons.

I would also like to point out that bank robbers never ever did anywhere near the damage that these people just did.

Re: Good.

[Dunbal]

At the lower end you have the guys who hit ATMs, which have been protected to the point where the criminals use heavy explosives to get at the safe.

Which is why here they prefer to stick a gun in your face and get you to withdraw as much cash as you can from the ATM. Rinse/repeat.

Re: Good.

[tburkhol]

Not sure where you are, but in Atlanta, it's only press reporting of bank robberies that has become rare. They're too commonplace to be interesting. Something like 60 unsolved over the past 2.5 years ( https://bankrobbers.fbi.gov/ ), not counting the ones who managed to get caught.

Re: Good.

[AvitarX]

My bank limits me to $500 at a branch, ATM and $350 at other ATMs

Re: Good.

[michelcolman]

Yes, in the last month or so Bitcoin has plunged from $1200 all the way... up to $1800 and higher. It's only worth just over 10 times last year's low point. The end is nigh!

Re:Good.

[michelcolman]

There are bitcoin randomizing services who take bitcoin from multiple parties and randomly redistribute them over many other addresses over a randomized period of time. No way for any outsider to tell which paid bitcoin came from which received bitcoin. Wallet A paid 5000, wallet B paid 8000, walled C paid 4000, wallet D received 1500, wallet E received 1800, wallet F received 500, wallet G received 800, wallet H received 1200, etc... and the totals don't add up because the randomizers take a cut which is probably also randomized.

Of course you might have some explaining to do if law enforcement wants to know why you paid for your pizza with bitcoin you received from a randomizer.

Re: Good.

[gnasher719]

Yes, in the last month or so Bitcoin has plunged from $1200 all the way... up to $1800 and higher. It's only worth just over 10 times last year's low point. The end is nigh!

Here's a hypothetical: Imagine some governments think about the role of bitcoin and decide that it is mostly used to aid in criminal activities, and there is no need to use bitcoin for anything non-criminal. And they decide that exchanging bitcoin for money or the other way round is now criminal and gets you jail time.

There is no reason why a government couldn't do that. With the British NHS under attack on the weekend, very few people in the UK would complain if that was made a law. So what happens to the value of bitcoin then?

Re: Good.

[Dunbal]

There usually is. Doesn't mean the scum aren't happy enough to take you to your limit then move on to the next machine and another victim.

Re: Good.

[stealth_finger]

Which is why here they prefer to stick a gun in your face and get you to withdraw as much cash as you can from the ATM. Rinse/repeat.

So basically you're saying there should be a limit on ATM withdrawal amounts?

Yeah. If you need loads of cash go into the branch.

What was the ROI?

[number17]

Without knowing how much time and money they put into creating, disseminating, and maintaining it we won't know the RIO. If it was an evenings work, and nothing more than a side job, then $26K could be worthwhile.

Re:What was the ROI?

[jellomizer]

There is the cost of getting caught. A multi-national attack hugging big organization will have a lot of people out for blood. Just hitting one or two areas you may get some jail time, but if this guy gets caught he is in serious trouble.

Re:What was the ROI?

[Alain+Williams]

Income $26K, cost to scammer ... probably not a lot, maybe a $few K. Cost to those scammed: huge, potentially millions and maybe a few lives lost or harmed — it hit quite a few hospitals; not that the scammers really care what it cost other people.

What is surprising is that something like this has not happened before now.... and when, oh when, are people going to stop using MS Windows for mission critical systems?

Re:What was the ROI?

[mikael]

The tech consultants on the UK newschannels say that it is possible to buy randomware kits off the black market.

https://nakedsecurity.sophos.c...

Given that shareware file system explorers and encryption routines are standard library functions, and it's easy enough to create a webpage with paypal and bitcoin pay buttons, just tacking on some network system exploits will allow the implementation of instant randomware.

Re:What was the ROI?

Risk of getting caught is nowhere near a good predictor of whether or not someone will 'break the rules'. Only anticipated reward counts. To deter crime, it's far more useful to reduce their expected gain rather than increase the chances or the penalties of getting caught.

Re:What was the ROI?

[arth1]

Not to mention that $26k, in many parts of the world, is a king's ransom.

So they should have kidnapped multiple kings instead, then.

Re:What was the ROI?

[arth1]

Cost to those scammed: huge, potentially millions and maybe a few lives lost or harmed â" it hit quite a few hospitals; not that the scammers really care what it cost other people.

There are also some benefits to society, like boosting emergency preparedness. This has clearly shown how NHS in particular are overly dependent on computer systems, to a point that hospitals can't operate when systems go down. How would they be able to handle a real emergency, like a war?

Nobody knew, or those who did didn't say anything. Now everybody knows, and there's a chance of vulnerabilities being scrutinized and contingency plans made and tested.

Re:What was the ROI?

[rmdingler]

WTF is randomware?

It's like when you say Pron or Frist psot in order to avoid bot scrutiny.

Re:What was the ROI?

[gtall]

"when, oh when, are people going to stop using MS Windows for mission critical systems?"

As soon as companies decide they need more than click and drool bodies doing their compute infrastructure. In a word, never. The problem is that the sort of person who can make the correct hiring decisions has been hired by people who have the least understanding of what it takes to secure systems, so they hire someone just like them who in turn hires the least expensive "talent", thus being able to report back that he's saved the company "millions".

And companies are not being held accountable by either laws, courts, or criminal prosecution, or the marketplace for being security morons. The marketplace doesn't correctly value everything, unlike Ayn Rand who can put a price tag on your grandmother.

Re:What was the ROI?

[Applehu+Akbar]

WTF is randomware?

You know, all those weekly updates to Adobe Reader and Flash.

Re:What was the ROI?

[vtcodger]

"What is surprising is that something like this has not happened before now.... and when, oh when, are people going to stop using MS Windows for mission critical systems?"

Not any time soon. Think for a while about the actual costs of moving a business, school, or government department off Windows. Acquiring new software, Developing new procedures. Training people. Rewriting the CFO's Excel spreadsheets and macros to work on something other than MS Office, etc.etc.etc.

Yes, Windows has evolved into a fairly crummy OS -- especially as a server. And Microsoft is no longer the reasonably user friendly company we knew in the 1980s and 1990s. And yes there are perfectly OK non-Microsoft alternatives for many (probably not all) things a company might need. Nonetheless, the costs of ditching Windows are REALLY staggering for most operations.

Re:What was the ROI?

[gweihir]

Not really. You can make this little money with conventional fraud in a few months at most, with nowhere near the risk of getting caught.

Re:What was the ROI?

[Cederic]

these awful cutbacks

The ones that include continually rising NHS spending, even in real terms?
https://www.kingsfund.org.uk/p...

Comparably up in Scotland where I am, the NHS isn't even nearly as bad.

Strange, a political party in Scotland thinks the English NHS is better.
http://labourhame.com/a-long-h...

I honestly believe if I had been born in England, I wouldn't be typing this, or anything, because of sudden death from a trivial infection.

You're a fuckwit then. Come to England, be amazed how you can still stay alive.

died from a trivial throat infection when being treated for cancer

Person with cancer dies, news at 11.

That's a tax I would happily pay for! I think most of England would agree.

Most of England would love Scotland to fucking pay its taxes and stop leaching off taxpayers south of the border. You go for it.

Re:What was the ROI?

[stealth_finger]

these awful cutbacks

The ones that include continually rising NHS spending, even in real terms? https://www.kingsfund.org.uk/p...

Is that why wards, services and even hospitals are being cut to ribbons all over?

These are the 19 hospitals, including five major acute hospitals, that are marked for closure as the NHS faces its biggest shake up in a generation to plug a £22bn black hole in funding, according to an investigation by i.

Acute hospitals closing or at risk of closure:
:: South West London – one of five sites proposed to close – St Helier, St George’s, Epsom, Croydon, Kingston
:: North West London – future of Ealing Hospital in doubt
:: Leicestershire – one of three acute hospital sites proposed to close
:: Black Country – merger of two general hospitals to a single site
:: Dorset – merger of Royal Bournemouth and Poole Hospital Community hospitals facing closure or redesignation:
:: Alston, Cumbria **
:: Maryport, Cumbria **
:: Wigton, Cumbria **
:: Hinkley and District Hospital, Leicestershire
:: Rutland Memorial Hospital, Leicestershire
:: Bolsover Local Hospital, Derbyshire
:: Newholme Hospital, Derbyshire
:: St Leonards, Dorset
:: Alderney, Dorset :: Westhaven, Dorset
:: Ashburton, Devon *
:: Bovey Tracey, Devon *
:: Dartmouth, Devon *
:: Paignton, Devon *
(* To be replaced by health and well-being centres) (** Closure of all beds under consideration)
Read more at: https://inews.co.uk/essentials...

And that's just the tip of it. The fact is the tories want it privatised, like they want everything privatised. They are dealing death by 1000 cuts (quite literally this time) by degrading services slowly and often enough that pretty soon health insurance will look like a good idea, then more and more people will get it to cover the short fall of the nhs, pretty soon gov can mandate everyone needs it to access nhs then the nhs is gone or exists in name only.

You only need to look at brexit, one of the big claims was the £350m a week for the nhs. Ok that was never a real pledge and no one actually expected them to get anything like that, but what happened? Oh, no new money at all for the nhs and here, have some more cuts. You can't believe a word the tories say, especially about funding public services.

If you want to vote tory fine, but at least have the fucking balls to admit that you're for cuts to hospitals, schools, services and everything else they can get their hands on. Don't insult the rest of us by pretending they do good things.

Can you take the tory challenge?

http://anotherangryvoice.blogs...

Re:What was the ROI?

[tehcyder]

It might damage the Tories, which I'd consider a public service.

The Tories will just blame it on Labour for not spending enough money on the NHS's IT systems while they were in power, and leaving them a coalition of computer chaos which only they can put right through strong and stable leadership and low taxes.

Re:What was the ROI?

[Cederic]

Yeah, something's going wrong with the budget. I lack the inputs to properly understand what; it's not going to be as straightforward as simple mismanagement, but it's not due to reduced funding.

You only need to look at brexit, one of the big claims was the £350m a week for the nhs

Who made that claim? Please quote someone representing one of the Leave campaigns because I can't find it anywhere. Just a shitload of fake news from across the media pushing the remain agenda.

The fact is the tories want it privatised, like they want everything privatised.

I recall Labour introducing the private finance initiatives that started NHS privatisation.

If you want to vote tory fine

Fuck no, I'm not voting for fascist totalitarianism.

Can you take the tory challenge?

Oh look, someone bleating on about shit they don't like. Show me any government and a comparable list is possible. Fuck me, a full half of that list is the legacy of Labour's borrow & spend policy that left the country totally fucked.

All that shit about cuts and austerity in that list but everybody's still bitching about the increases in debt. Forgive me for not bothering to reply to people so unwilling to have an adult conversation.

Re:What was the ROI?

[stealth_finger]

Quote someone representing the leave campaign? fuck off, they were all saying it, did you see the goddam bus they were driving around in? The problem wasn't who was or wasn't saying it, the problem was they never made it as an official thing, could never have made it an official thing and would never have as it was basically impossible. It was dropped as a topic they day the result came in. I get that the line at best was a dig at the money we put into the EU, who would/could honestly believe that they would take all the money going to the eu and put it all into one thing, only an idiot that's who, but at the very least it gave the impression more would be put in.

You do realise this government has borrowed more than every previous labour gov combined. (http://www.taxresearch.org.uk/Blog/2016/03/13/the-conservatives-have-been-the-biggest-borrowers-over-the-last-70-years/). So instead of borrow and spend, we now really have borrow and give. That corporate welfare isn't going to pay for itself. It's not even about borrowing. All the money that exists in our economy is borrowed. There is more debt than money exists. It's what you do with it that matters, labour put it back into the system, the tories are taking it out.

You're not voting tory? Good, I'm not going to try and convince you to vote for anyone else. I don't really care who as long as it's not tory.

As for the list. Yeah every government will have something similar, but for most you can at least argue a point why they've done it or identify its principle. Not many have such as long list of indefensible policies. You're wise not to take the challenge.

Re:What was the ROI?

[Cederic]

fuck off, they were all saying it

Then why is nobody able to source a quote?

did you see the goddam bus they were driving around in?

The one that didn't say what you're saying was said?

You do realise this government has borrowed more than every previous labour gov combined.

I do. Would you rather we cut the armed forces budget, the NHS budget, the education budget or local council funding to zero to better square the books?

Re:What was the ROI?

[stealth_finger]

Video of Farage giving the line.

http://www.independent.co.uk/n...

What did the bus say then?

https://www.google.co.uk/searc...

I would rather they cut corporate welfare. I would rather they didn't spend boat loads subsidising supposedly private companies. I would rather they didn't spend billions on trident. I would rather a lot of things really.

As you bring up the Army though did you catch Fallon straight up lying on TV the other day when denying they had broken their manifesto pledge of not cutting the armed forces to less than 82,000 and it now being 79,000? (http://anotherangryvoice.blogspot.co.uk/2017/05/the-tory-defence-minister-michael.html) Wouldn't suprise me if you did as basically no one picked it up.

Forget squaring the books, it can't be done. Literally can't be. You want policies that put money into public hands, so it can be spent, and taxed and then put back out and so on and the economy grows as the money circulates. Instead they take money out, so spending drops, tax revenue drops and the economy shrinks or stagnates. Inflation keeps going but pay gets frozen (not mp's pay though naturally), sound familiar? They heap money onto private companies to they can fudge numbers and say look it's getting better when it's really not.

Why is it seem you think Armed Forces, Education and NHS should be cut to ribbons just to square the books?

Re:What was the ROI?

[stealth_finger]

Here's Gove and Johnson standing infront of a completely different line to give the NHS millions more a week.

http://www.gettyimages.co.uk/e...

You can deny it some more though if you'd like.

Re:What was the ROI?

[Cederic]

Video of Farage giving the line.

No. Video of Farage saying £10bn/year should be spent in the UK.

Shit, he even mentioned schools explicitly. Remind me which part of the NHS budget pays for schools?

What did the bus say then?

Lets fund our NHS instead. It didn't say, "Lets put £350m/week extra into the NHS" no matter how much you want it to. Remain voters appear to suffer from poor reading comprehension.

As you bring up the Army though did you catch Fallon straight up lying on TV

Nope, missed that. I don't watch much TV. I am very aware of the challenges facing the armed forces though, yes.

Why is it seem you think Armed Forces, Education and NHS should be cut to ribbons just to square the books?

What are you asking me for? You're the one bitching about Government borrowing.

Here's Gove and Johnson standing infront of a completely different line to give the NHS millions more a week.

I don't see the digits 3, 5 or 0 in that statement.

Hopefully you now understand why I disregard people talking shit about promises that weren't made.

Re:What was the ROI?

[stealth_finger]

You seem to the one with reading compression problems. No it doesn't explicitly say that but it strongly associates the two things and to you unless they specifically use those exact words you can discount it so why bother. The pre vote run up for leave was basically the NHS and immigrants. When did i bitch about borrowing? I have issues with how the Tories use it but borrowing is key to the fundamental economy. It can't exist in it's current state without it, but that's besides the point really.

Re:How much in bitcoin is that?

[thygate]

about ~14.5 BTC at the current exchange rate.

I normally like Krebs, but...

[dreamchaser]

"However, I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. "

This is the most idiotic statement I've ever seen him make. It is a good thing if there was little reward, and his implication that he is disappointed that they didn't get more is just mind boggling.

Re:I normally like Krebs, but...

[BiffRoxx]

I'd mod you up if I had points. The less incentive to pull off these attackes, the better.

Re:I normally like Krebs, but...

[Zocalo]

I think you're looking at it from a different perspective to Krebs, although I agree that the wording could have been better. My impression is that he's saying he's depressed that those responsible would (presumably) consider the massive cost of cleaning this up for those impacted as collateral damage for their relatively meagre $26k return. Of course, other than the raw numbers, that's no different from any other legal industry where profits rely on basically screwing over others in order to make a buck; you could just as easily level the same charge at any industry with a significant environmental impact, for instance.

Re:I normally like Krebs, but...

[chill]

Agreed.

I think Krebs means "if they're willing to cause this much grief for so little return, we don't have much hope of economics ever stopping these attacks".

The ROI on this is probably insignificantly low, so we're stuck with this sort of shit.

Re:I normally like Krebs, but...

[rmdingler]

Spot on. The logical fallacy (that Krebs is subscribing to) is that people who would stoop to this form of income generation would be bothered in the slightest by the imposition their activities cause others.

You see examples of this all the time. Perpetrators cause thousands of dollars in damage to a vehicle to steal tens of dollars worth of loot. Air conditioning equipment worth thousands is rendered worthless for a few dollars in scrap copper.

You might say the give-a-shitter is broken in these folks.

Re:I normally like Krebs, but...

[Gravis+Zero]

This is the most idiotic statement I've ever seen him make. It is a good thing if there was little reward, and his implication that he is disappointed that they didn't get more is just mind boggling.

I agree completely! I mean, with such an awful payment interface they shouldn't be rewarded! What they should have done is made a nice form where people can type in their credit card number which then purchases and sends the bitcoin where it's needed without any additional user interaction. I'm just say, streamlined ransomware interfaces are what we really need. ;)

Re:I normally like Krebs, but...

[Zocalo]

Absolutely, but the likely order of magnitude this will almost certainly result in is far from typical. Just looking at the NHS, we're essentially talking one of the largest government quangos in the world, so I can't even begin to imagine how many external consultants were involved at whatever ridiculous rates they get to charge for "working around the clock" in order to clean this up. You can almost guarantee that the IT services firms involved with the various NHS Trusts that got hit would have seized the opportunity to get as many billable hours on the clock as possible as well, right down to catering staff necessary to keep the actual hands-on IT workers plied with coffee, not to mention all the management effort on the night and in the post-mortems... And that's just the immediate clean-up effort; factor in the on-going involvement of law enforcement and security services, plus the inevitable Official Inquests and reports to government, and you're going to be well into the tens of millions.

To get back to your analogy, that's like someone smashing a window to grab something left on the seat of an old Ford and the repair bill turning out to be more than a brand new Ferrari... By the time you've included the other major organizations that got hit as well, you're going to be looking at quite the collection of supercars.

Re:I normally like Krebs, but...

[whoever57]

The ROI on this is probably insignificantly low, so we're stuck with this sort of shit.

I don't think you are using the term "ROI" correctly.

Setting up the whole ransomware attack could have been set up with a few hours work. $26K for a few hours work is a pretty good ROI, especially if you are not in a first-world country.

The issue is the damage caused to make $26k, but perhaps the ransomer doesn't care about that. It's an externalized cost.

Re:I normally like Krebs, but...

[gweihir]

Indeed. Even amateur criminals stop high-risk crime if it turns out to not pay. Professional criminals would never do such a thing in the first place. Far too high profile, far too high damage and hence far too high change to piss off some people that can actually do something about it.

Re:I normally like Krebs, but...

[epine]

I agree that the wording could have been better.

Yes, and at the same time, it could hardly have been worse.

I find it depressing to indulge in my darkest projected nightmare that those involved blow through the entire $26,000 on a sleep-deprived cocaine and hooker binge, and are right back at it a week later.

That would be the honest thing to write after a weekend movie binge including The Wolf of Wall Street, Fear and Loathing in Las Vegas, Brewster's Millions, 21, The Starbucks scene in Austin Powers, and the opening train scene of Dirty Rotten Scoundrels in which Steve Martin crows over pocketing an ill-gotten $20.

The problem here with that this sad-sack lament is that it depends upon his movie-binge–infused paranoia that those involved regard $26,000 as an insanely large sum of money and that they have a unlimited supply of in-roads to lather, rinse, and repeat their way into A) more cocaine and hookers, or B) more cocaine and hookers, a nice house in the suburbs, plus a tidy 401k.

Re:I normally like Krebs, but...

[gnasher719]

This is the most idiotic statement I've ever seen him make. It is a good thing if there was little reward, and his implication that he is disappointed that they didn't get more is just mind boggling.

Your brain doesn't seem to work right. What Krebs dislikes is someone creating tremendous damage for very little gain. What would you prefer: Some pickpocket pulling $20 from your wallet, or some idiot smashing your car windows to steal $20 from the glove compartment, then setting the car on fire to destroy any fingerprints?

Re:I normally like Krebs, but...

[dreamchaser]

Bullshit. I'm sure he just chose the wrong words but what he wrote was akin to 'The bankrobbers killed several people and I'm depressed that they did that but didn't get away with a ton of money in the process.' Look to your own brain.

Rewarding bad behavior

[markdavis]

This is why we should ever pay ransomware.

1) There is a big chance they are not going to unlock your data, anyway.

2) You don't know if they have also stolen all the data and can then do other things to harm you in other ways. Or left residuals in your computer.

3) By paying, you are a "mark" so they might go after you again.

4) Paying absolutely encourages them to continue this behavior and incentivizes others to joint them.

We need to educate everyone: Backup your data redundantly and check it regularly, and don't pay ransomware.

Re:Rewarding bad behavior

[tigersha]

Then find them and smash the goddamn heads in with a baseball hat live on YouTube, just to make sure.

Re:Rewarding bad behavior

[gtall]

Yep, all we need to do is ask the perps whether they did it. Then we can pop them if they say yes. They'll be real forthcoming when they see the baseball bats.

Re:Rewarding bad behavior

[Applehu+Akbar]

Wrong. You should always pay the ransom. It should be a law to do so.

Okay, now tell us how much you hate space since that time you caught Jack Parsons in flagrante with your ex-wife.

Re: Rewarding bad behavior

[nachtelfjeiu]

This is why we should ever have an education system teaching people the difference between should and shouldn't and between ever and never. Such people might understand a bit of what's going on in the world and thus be less inclined to spread ransomware.

Re:Rewarding bad behavior

[rkordmaa]

Completely irrelevant if you have been stupid enough to get business critical data locked up. If its a choice between bankruptcy and ponying up some money, what are you going to do? Well maybe if you are dumb enough to end up in a situation like that in the first place you are also dumb enough to sink your company by refusing a small payment due to your moral outrage. Its one thing to loose your collection of cat pictures, its something else to loose data worth millions (yes it does happen, more often than you think).

Re:Rewarding bad behavior

[vtcodger]

1) There is a big chance they are not going to unlock your data, anyway.

"They" aren't going to unlock your data. You are. But with their pricing, they will almost certainly tell you how. If they don't, their revenue stream will become nonexistent once the word gets out that paying doesn't get the data back.

Re:Rewarding bad behavior

[Solandri]

We need to educate everyone: Backup your data redundantly and check it regularly, and don't pay ransomware.

Actually, I think this is one problem which does have a (partial) technical solution. Right now files on computer storage are treated as unique discrete objects with a single state. We're unnecessarily treating a virtual object as if it were a physical object. Newer filesystems have the ability to retain the previous states of a file (snapshots). NTFS has it, but it has to be turned on manually. It's basically like making a backup every time you change or modify a file. If ransomware encrypts the files on such a system, all you have to do is remove the ransomware, delete the instances of files created after the time of infection, and use the previous version of those files instead.

If you think about it, it makes a lot of sense. If you've got a 2 TB HDD and your files are only taking up 500 GB, then the remaining 1.5 TB is essentially wasted. Why not use some of it to store previous instances of files? It's like how unused RAM is used as an ad-hoc disk cache by all modern filesystems. You have it, you're not using it, so better to use it for something instead of nothing. It's not a true backup (you'll lose it if your HDD dies), but it's better than nothing. And on numerous occasions I've been asked to recover files which were overwritten - the owner accidentally saved a new or empty file with the same name as a needed file. With current filesystems when you do that, the old file's data is obliterated by the new data, making it unrecoverable.

All that needs to be done to protect against ransomware is to make the snapshotting an integral function of the filesystem, not something that can be controlled directly (ransomware can just turn off NTFS' shadow copies). Then ransomware would have to do something like first fill the drive's free space with files containing random numbers (to defeat disk compression) to wipe out the snapshots, before it could start encrypting files. The slowdown associated with that would give victims more time to react - 3 of the 4 people who've contacted me because they were hit by ransomware contacted me while their system was being encrypted, or were smart enough to recognize what was going on and shut off the computer immediately.

Re:Rewarding bad behavior

[nadaou]

"Sorry we didn't receive your payment, could you try again?"

Re:Rewarding bad behavior

[AvitarX]

I'm sure a simple flag could be used to never delete old copies too.

It would open up a DoS by writing nonsense over and over, but it would protect fully from ransomware.

Some filesystems allow other drives to hold the snapshots too I think, you could essentially have unlimited space if you kept rotating in new external drives. For a home system, that would essentially be free.

Re:Rewarding bad behavior

[markdavis]

>"This ransomware here will encrypt attached devices - such as external usb drives - and any network share you may have access to. So even if you have backups, you can still get burned."

That's not a real backup. That is just a online copy. A real backup is made to a device which is then stored separate from the computer. It protects from malware, from theft, fire, disaster, etc.

Re:Rewarding bad behavior

[dbIII]

That's a bit naive of you.
Scammers work on the assumption that "there's a sucker born every minute".
Word gets out, but then they just move onto someone that hasn't listened to the word or thinks "others got stung but I'll be ok".

Re:Rewarding bad behavior

[houghi]

Backup your data redundantly and check it regularly,

And by chewcking, try out if the restore works, not if the backup worked.

I myself use StoreBackup for redundant backups of data that changes on a regular basis (config files and system settings) and rsync for fixed data (e.g. music and music)

$26k seems like a good ROI

[mark_reh]

Until you factor in trying to hide from the FBI/Interpol for the rest of your life. Are you sure those transactions are completely untraceable? Yeah, sure, keep telling your self that. Sleep well...

Re:$26k seems like a good ROI

[JaredOfEuropa]

BTC transactions are utterly and completely traceable, that's kind of the point. They are anonymous, though. So what these criminals will do is pay some poor sap to set up a BTC wallet, send the bitcoins to him, let him convert them to currency on his bank account, after which the criminals will simply withdraw the money from an ATM using his card. As long as you have no relationship to the middleman and if he keeps his mouth shut (or better yet: has no clue as to who you are), you're safe. Criminals use this method all the time.

Re:$26k seems like a good ROI

BTC transactions are utterly and completely traceable, that's kind of the point. They are anonymous, though. So what these criminals will do is pay some poor sap to set up a BTC wallet, send the bitcoins to him, let him convert them to currency on his bank account, after which the criminals will simply withdraw the money from an ATM using his card. As long as you have no relationship to the middleman and if he keeps his mouth shut (or better yet: has no clue as to who you are), you're safe. Criminals use this method all the time.

Those who launder cash (another form of "anonymous" currency) have gotten caught in the past, so there's little reason to believe one may never get caught doing the same thing with bitcoin.

Re:$26k seems like a good ROI

[Registered+Coward+v2]

Until you factor in trying to hide from the FBI/Interpol for the rest of your life. Are you sure those transactions are completely untraceable? Yeah, sure, keep telling your self that. Sleep well...

Not only that, but they've pissed off a number of countries as well; some of whom may not worry as much about some of the niceties of the law.

In addition, the use of Bitcoin as payment will no doubt result in increased pressure on exchanges to make both parties of a transaction identifiable so that the recipients of ransom payments can be identified and apprehended and payments stopped; so even if they are mules the source of cash is cutoff. At some point exchanges depend on the banking system to convert Bitcoin into other currencies so that is one of the pressure points available to governments to exert control over exchanges.

Re:$26k seems like a good ROI

[Registered+Coward+v2]

BTC transactions are utterly and completely traceable, that's kind of the point. They are anonymous, though. So what these criminals will do is pay some poor sap to set up a BTC wallet, send the bitcoins to him, let him convert them to currency on his bank account, after which the criminals will simply withdraw the money from an ATM using his card. As long as you have no relationship to the middleman and if he keeps his mouth shut (or better yet: has no clue as to who you are), you're safe. Criminals use this method all the time.

One challenge may be the volume of cash being transferred. For small amounts over time a few accounts might suffice; but for tens of thousands of dollars over a short period limits on ATM withdrawals limit access to cash and either require more time or a lot of accounts; either of which increases the chances of getting caught or in the former of the funds being cutoff before you can get the bulk of them. Alternatively you could leave them as Bitcoin and dole them out over time; but I can see where at some point Bitcoin exchanges will be required to identify parties to transactions and the anonymity of Bitcoin will go away.

Re: $26k seems like a good ROI

[nachtelfjeiu]

Having pissed off some countries is quite bad. Having pissed off a multitude of companies and their it staff who now have to justify not updating sooner is ruh-roh bad.

The real question is...

[Excelcia]

The real question is why isn't the NSA getting its feet nailed to the floor for this? They discovered (or engineered) a critical weakness in a major operating system, and rather than report it to make sure we are actually safe from this threat, they used it to make malicious software which then got released into the wild and is being used against the world.

This is the largest breach of trust of any US government agency that I know of, and yet people are just ignoring that aspect of it.

Re:The real question is...

[gtall]

Yeah, those nice Russians and Chinese would never think to do such a thing as those naughty NSA Guys.

Re: The real question is...

[neilo_1701D]

This issue was patched in the march security rollup. If you don't apply patches within 2 months, I can't help you.

See also why xp needs to be gone.

That would be the Windows XP that Microsoft released a patch for, right?

Re:The real question is...

[chihowa]

All the more reason to make sure that the flaw is patched instead of weaponizing it with the naive idea that nobody else will discover it.

Re:Fiasco ..

[arth1]

the ransom was around 300$ and more than 75000 computers infected..
That's mean less than 0.1% paid for description ... That's a total fiasco lol,

Not if this was hacked up by someone without a job or on spare time, using existing resources. Any non-zero profit would then be a win.

Fuck the money, what about the DEATHS?

[CFD339]

People in hospitals did not get care due to this. There was at least one critical stroke response unit that had shut down complete. Medical equipment also relies on computers, some of which were vulnerable. You want to blame the "victims" for un-patched systems? Sure, all systems should be up to date, but that's a bit like blaming the victim of a stray bullet from a gun fight for not wearing combat armor when he went out for a sandwich that day.

Re:Fuck the money, what about the DEATHS?

I don't agree with this.

My guess is why they get caught with this sort of thing so often is their systems are probably frequently using outdated operating systems where they simply can't get patches any more as they're no longer supported. When a piece of equipment costs a million to buy, you're going to use it as long as possible. And when you bought it in 2005 when Windows XP was the latest and greatest, and the manufacturer never released a version of their software for new versions (maybe they went out of business), is the hospital supposed to upgrade it and just hope that the software keeps running? No, the system will just go unsupported.

The only thing I can think of that's reasonable for hospitals to do that they don't is to keep this sort of machine isolated from the internet. But again, hospitals are in the field of medical help, not IT, so it can be expected that their IT infrastructure may not be the best. And if you think they should be held responsible for not having good IT, well, assuming you're specialty is IT, should you be held responsible for your inability to provide quality medical care?

Re:Fuck the money, what about the DEATHS?

[xystren]

This is a prime example of our over-reliance on technology. For years, since I was a teen in the '80s, I always asked 'what happens if this stuff fails.' I recall events with the phone company, where the land lines wend down for almost 20 hours, due to a failure that cascaded down their redundancy plans. I remember the $#i7storm that arose out of that, both civil and political (this was a gov't crown corporation In Canada).

We see difficulties when the power goes out in retail stores, that staff is unable to 'make the correct change' with a cash transaction because of the over-reliance on technology. Hand a kid ten dollar bill with a quarter, for a nine dollar and twenty-five cent transaction, after he has entered only ten dollars as the tendered amount? Talk about confusion. Talk about the inability to function without technology.

For too long, technology (or electronic, or digital - pick your word) has become equated to good, while non-technological means is bad. Do we ever consider the consequences if technology if it fails and how do we manage during the times of that technological failure.

I worked in care facility, where medications were required to be logged and distributed at specific times for residents. Yes there were electronic health records (EHR), but this portion was kept on pen and paper that was scanned to the EHR daily. Why? Because all too often the EHR system would be inaccessible for what ever reason... where it be power failure, internet accessibility, issues with the corporate network, or issues with the out of state datacenter. The residents would always be able to get their medications due to the non-reliance on technology. All too often technology is implemented for the sake of technology, and rarely is the question asked if this is a good implementation of technology? And better yet, an even more infrequently asked question, what happens if this implementation of technology fails and how do we continue to function without that technology?

Everything in hospitals now has come down to protocols... If X occurs, do Y. Unfortunately this goes as far to determine how treatment is administered - 'we can't do this because there is not an established protocol.' Much of this arose out of the need to protect doctors/hospitals being sued into oblivion. Yet this also prevents and discourages the ability to think on ones own feet, which would have been highly valued in a situation like this. Over reliance on protocols & technology diminishes the ability to think and work through difficulties or problems.

It is truly unfortunate that such an event occurred and that lives were put at risk and/or lost. This is more than just a outbreak of ransomware, but our inability to function when technology goes wrong. That I feel is the greater concern.

Re: Fuck the money, what about the DEATHS?

[nachtelfjeiu]

The lives lost by the errors of doing everything on paper would be a magnitude higher. The only problem you have is a generation gap.

Re:Fuck the money, what about the DEATHS?

[nnull]

This is a prime example of massive incompetence that's prevailing in every industry. Simple as that.

Re:Fuck the money, what about the DEATHS?

[CFD339]

Many of the vulnerable systems are embedded computing systems or systems that the vendors have to update and those updates become unavailable. It's a problem hospital security people are constantly battling. Hospitals purchase the equipment based on it's ability to do a job medically, and getting security to be a critical part of that assessment is a long hard fight.

Re:Fuck the money, what about the DEATHS?

[CFD339]

You've just declared yourself a giant asshole by turning yet another thread into a venue to show off your ill informed parroting of inaccurate political slander against a person who is no longer a relevant candidate.

Re:Fuck the money, what about the DEATHS?

[CFD339]

If you take advantage of someone's incompetence to kill people, you are still a murderer.

Re:Fuck the money, what about the DEATHS?

[Trogre]

And if you think they should be held responsible for not having good IT, well, assuming you're specialty is IT, should you be held responsible for your inability to provide quality medical care?

I was with you right up until your second paragraph which, to be kind, is utter Phonus Bolognus.

Healthcare providers who own and use specialised equipment *absolutely* are responsible for its care and maintenance. If they can't maintain the equipment themselves then they pay someone else to do it for them.

Frankly, I'm shocked and a little unnerved that *anyone* would think like you seem to.

Re: Fuck the money, what about the DEATHS?

[xystren]

And how is data entry into an electronic system not subject to the same errors that a paper system would be subject to? Yes, electronic systems have the ability to do certain checks that have been established to a set of rules, but paper would not inherently create more errors.

I'll bite on the generation gap comment.....We have and old saying, "Don't put all your eggs in one basket" - there is nothing wrong with a hybrid system (as mentioned below in another comment) that would provide critical access to required information should one of the systems go down....

What?

[kenh]

I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward

Yeah, as clever as they were they deserved more money?!

Just think, because it made so little money, this may be the last time we see such a wide scale attack, how sad... /sarcasm

Re:What?

[Zocalo]

"Just think, because it only killed a few valuable targets, this will be the last time we see someone drop a few 100kg of high explosive into a residential zone, how sad..."

It's not the best wording, but Krebs is clearly bemoaning the relative levels of collateral damage here, not the relatively meagre payoff for the perpetrators.

Re:Obviously not "organized crime", then

[Zocalo]

I'm not so sure you can really draw that conclusion, although it's certainly a possibility it was just a "hobbyist", there's no reason why an organized criminal gang wouldn't just launch a malware campaign and let it drift where it would either, and either way they didn't really do so bad on that front, even allowing for the "killswitch" domain registration. As for the $300, yeah, it's low, but that's kind of the point - it's a much more affordable amount that might just tempt a few more people to think it's worth paying vs. trying to recover from whatever viable backups they may have, and much easier to reduce your exposure.

Financially, ~100k random victims paying $300 is still a few times better than a single nation state or major corporation paying several million, especially since it's much less likely to provoke the kind of robust response from law enforcement that a large scale targetted attack will prompt, let alone a ransom demand to a head of state. Of course, if your ~100k random victims also happens to result in major distruption to government organizations and major corporations like this did, you're pretty much guaranteed to get some serious law enforcement attention too, not to mention being made an example of if you get caught. In that light, I suspect the perpetrators - regardless of whether they are a hobbyist or an organized gang - will be sweating buckets over just how well they hid their tracks right now, and might even consider claiming their paid ransoms too much of a risk, and that's also a key point here.

While I agree that things are likely to get a greal deal worse, with a little luck the blowback from this is going to give those behind such attacks some serious pause for thought over the risk vs. reward they have, and should hopefully push that point back a fair way. It's just thrown the whole "spray and pray" approach of such campaigns into stark relief; you have almost zero control over who might get impacted by your campaign, and there's a very real chance you are going to hit some people with the connections to make law enforcement make a real effort to track you down, and all for a few $10k split however many ways? I suspect a lot of hobbyists, and probably a few organized gangs too, are going to be asking themselves whether that is *really* worth the risk of messing up the rest of your life for over the next few days, and will be doing so again if the perpetrators actually get caught.

Where are those vaunted spy agencies on this?

[Applehu+Akbar]

"Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters...

So the agencies that supposedly can backdoor any electronics and trace all movements of data can't penetrate thise fragile Bitcoin exchanges or trace phone calls to the perps?

Re:Where are those vaunted spy agencies on this?

[craigminah]

They'd be all over "tracing the phone calls to the perps" if they could "incidentally" intercept Republicans at the same time.

Re:Where are those vaunted spy agencies on this?

[athmanb]

I'm assuming the "Contact Us" feature goes over Tor, so you can already forget any CSI-style phonetapping or IP tracing.

The FBI could probably try to infect the perps with some 0-day malware to uncover their real identities but I'm guessing the elect not to try it because the chances of them actually falling for a cheap trick like that is miniscule compared to them grabbing the malware, reverse engineering it, then using it to infect more people.

Seems people are getting a bit smarter

[gweihir]

The good thing here is that people have apparently gotten the message to not ever pay these people. Given that they will be completely destroyed if ever caught and that there is a lot of incentive to catch them, I hope this problem will just vanish over time.

Re:Seems people are getting a bit smarter

[gweihir]

Probably not. Nor do I think they will ever, because unless these criminals are utterly dumb, they will stay away from those BC wallets and any communication with victims like the plague. The global reaction and "success" of their campaign is just too much, they are now targets themselves.

Re:Seems people are getting a bit smarter

[nnull]

But they're still going to pay their incompetent staff and contractors. So they are paying off someone in the end.

Re:not the point

[gweihir]

A rough estimation would be between $100M and $1B at this time. That should be plenty of incentive to catch these people.

But that so few payed is actually a good thing, because it means this type of crime does not pay in comparison to the risk the perpetrators take. Hence it kind of _is_ the point.

Re:$26,000 untaxed is a lot of money

[gweihir]

Not if you did about 10'000 ... 100'000 of that in damage and have a lot of angry people after you. And they have not even got that money yet, because one point where they could get caught is when they try to get that money out of the BC valet. BC is not really anonymous, despite what the press likes to claim.

Re:Obviously not "organized crime", then

[gweihir]

Criminal enterprises of some sophistication that have been around for a while want one thing most: To stay in the shadows and quietly do their thing. It is good criminal practice to stay under the radar by being not more than an annoyance. This attack has none of the characteristics attractive to such an enterprise or rational single criminals. When the evil scum that did this (definition of evil used: accept huge damage to somebody else for a moderate personal gain) get caught, we will see this is one or a very small group of losers.

And I think this time, they will get caught if at all possible. They did huge damage and disabled critical infrastructure on a scale that terrorists can only dream of.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Too many people with nothing to lose

[rsilvergun]

there's lots and lots of engineers in China, India & Eastern Europe without much to lose. Their economies have little to no safety net, meaning if you trip up you crash hard. This is one of those consequences of abandoning a good chunk of your population to the forces of nature and the whims of capitalism. There's talk about the US slashing aid to poor middle eastern countries and of Isis et al looking forward to it so they can move on and radicalize the desperate. On a more local scale stuff like this is why we have WIC, so we don't have millions of babies with mental and physical disorders from their developing years.

I know, I know, I'm politicizing. But the thing is like it or not politics affects everything we do. It's scary how far it's embedded in our lives and nobody likes to acknowledge it...

50 Years later we'll learn the NSA was behind this

[itwasgreektome]

I think history is gonna show us that we were responsible for the Wana attack. It didn't cross my mind until I heard on NPR that Russia was the county that suffered from the attack the most- even getting into government computers. The Shadow Brokers released this trove of hacking tools a little while ago. This meant the door on using this exploit was going to start closing slowly. We also knew that hackers would take advantage of this exploit. So why wouldn't the US Govt, under the guise of a random hacker, use this exploit to garner as much info as possible on Russia while it was still possible? Remember that Obama told Russia that we would get them back, at the time and date of our choosing. And this would explain why the built in shutdown was hidden in the code- I wouldn't be surprised if that 20 something year old security researcher wasn't tipped off to register that domain name once we'd gotten access to some of Russia's infrastructure, to mitigate collateral damage to the innocent bystanders. That would explain why they "only" got $26k, if their M.O. was to make money there would have been zero reason to include a kill switch in the code.

I think it's been invaluable

[cyber-vandal]

It shows the bean counters the cost of not keeping systems up to date.

I think they deserve more -- $115,000 more

[Offtopic]

In the form of a Hellfire missile...

Copper thieves

[DidgetMaster]

It's like those criminals who do $100K damage to some expensive electrical equipment just so they can scrounge a few hundred dollars worth of copper. They simply don't care how much damage they do to other people as long as they get a few bucks in their pocket.

Re:Copper thieves

[sysrammer]

I think you've described at least 20% of the population. Half of those will be stealing your copper, the other half will be stealing your pension.

Read it again and think

[dbIII]

Have you considered that the message "there are no winners here not even the criminals" would be written in exactly the same way?
I think your shoot the messenger attitude is from not considering the context.

A bit odd calling NTFS "modern"

[dbIII]

A bit odd calling NTFS "modern" when the filesystem on VMS had that feature.
ZFS is a much better and more user friendly example in the way it handles snapshots.

Re:50 Years later we'll learn the NSA was behind t

[dbIII]

I wouldn't be surprised if that 20 something year old security researcher wasn't tipped off

I hate to extinguish your fantasy but script-kiddie shit is invariably shit so it's quite likely that the first person with a clue to take a really good look at the malware could find a hole.
If your fantasy was correct somebody "connected" would be the one tipped off to claim the glory.

tracking bitcoins

[amoeba1911]

Bitcoin ... the currency of criminals.

Medicine == Money

[duane_robertson]

The problem in nearly every system that was affected by an attack comes down to greed (and not just on the malware maker's part). Hospitals are either businesses, expected to make ever greater profits, or government entities expected to save tax dollars (or some combination). They balance the good they do against the money it costs and unfortunately, sick people tend to be on the losing end.

Medical equipment manufacturers are almost universally corporations. If the money is there, they'll keep upgrading equipment forever, but it's usually more profitable to sell something new.

The people responsible for the equipment knew that it was old and out of date. They decided that the money they had should go elsewhere. You're not blaming the victim when someone deliberately stops maintaining his car and gets killed when his brakes fail, even if he didn't have the money to fix them. In fact, I'd say that he's responsible for any injuries to the people in the other car.

There comes a point where hacking has to be considered a force of nature, and the wind does not respect a fool.

The *RIGHT WAY* to back up data

[knorthern+knight]

> This ransomware here will encrypt attached devices - such as
> external usb drives - and any network share you may have access to.
>
> So even if you have backups, you can still get burned.

That's *NOT* how to backup. Three principles of successful backups...

1) Do *NOT* let the PC have write access to the backup system. Do not trust it to not f*** up external backups. Instead have the desktop PC share out directories (read-only access) so they can be copied by an external machine running linux/bsd/whatever.

2) Do *NOT* overwrite your backups. Use a proper versioning system. If a file is unchanged, don't make another copy. If it is changed *CREATE A SEPARATE COPY*. If you're running low on space, give read only access to the user and ask them to confirm that the latest file version is not screwed up. Then and only then have the backup machine delete older versions.

3) Set up random "tripwire files" that look like ordinary Word and Excel files... and tell the user *NOT* to touch them. Have the backup machine (with read only access) check the "tripwire files" every hour or so. If any of the files change, have the back up machine send an urgent email to IT to look into it *NOW*!

Can someone help me with 2 questions?

[barrygrommit]

1) Is it possible to trace the bitcoin recipients? To their real IP address? To their home address?

2) Other attacks are often followed by "those who know" telling us that the attack occurred in Russia, or China, or...wherever. Since it is easily possible to spoof the sending IP address of an attack, how are these attackers identified? Won't all the routing information also be compromised? In fact, the only IP address that is accurate is the recipient. Any help?

--
As usual, I am confused.

$34k earned so far!

[OlgerSIP]

I've just checked those Bitcoin addresses and they have made a little bit over 20 bitcoins >> $34k >> so they're still making money and will continue as time goes by.

Re:Did they really tho?

[rpstrong]

All BTC transactions are recorded in the block chain, in terms of wallet IDs (the three addresses) - it is easy to track transfers in and out. (The trick part is tying a wallet ID to a person, assuming that the person took steps to hide his activities.)