Slashdot Mirror


WanaDecrypt0r Ransomware Earns Just $26,000 In Ransom Payments (krebsonsecurity.com)

An anonymous reader quotes Krebs On Security: As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what's being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam...

It's worth noting that the ransom note Wana popped up on victim screens (see screenshot above) included a "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters... I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward.

22 of 222 comments

  1. Re: Good. by Entrope · · Score: 4, Insightful

    Has that stopped bank robbers?

    Criminals are not known for having the world's best impulse control or understanding of expected itchiness.

  2. Re: Good. by jellomizer · · Score: 4, Insightful

    Bank robbers are not in it to make a load of money unless they are planning to break the vault. Normally they are just trying to get some cash to pay for drugs or a loan shark.
    But compared to deploying a wide scale attack, a normal bank robbery doesn't require a lot of planning, unlike a technical attack where there are days of planning.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  3. Re:What was the ROI? by jellomizer · · Score: 5, Insightful

    There is the cost of getting caught. A multi-national attack hitting big organizations will have a lot of people out for blood. Just hitting one or two areas you may get some jail time, but if this guy gets caught he is in serious trouble.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  4. I normally like Krebs, but... by dreamchaser · · Score: 4, Insightful

    "However, I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. "

    This is the most idiotic statement I've ever seen him make. It is a good thing if there was little reward, and his implication that he is disappointed that they didn't get more is just mind boggling.

    1. Re:I normally like Krebs, but... by Zocalo · · Score: 3, Insightful

      I think you're looking at it from a different perspective to Krebs, although I agree that the wording could have been better. My impression is that he's saying he's depressed that those responsible would (presumably) consider the massive cost of cleaning this up for those impacted as collateral damage for their relatively meagre $26k return. Of course, other than the raw numbers, that's no different from any other legal industry where profits rely on basically screwing over others in order to make a buck; you could just as easily level the same charge at any industry with a significant environmental impact, for instance.

      --
      UNIX? They're not even circumcised! Savages!
    2. Re:I normally like Krebs, but... by chill · · Score: 4, Insightful

      Agreed.

      I think Krebs means "if they're willing to cause this much grief for so little return, we don't have much hope of economics ever stopping these attacks".

      The ROI on this is probably insignificantly low, so we're stuck with this sort of shit.

      --
      Learning HOW to think is more important than learning WHAT to think.
    3. Re:I normally like Krebs, but... by Zocalo · · Score: 2

      Absolutely, but the likely order of magnitude this will almost certainly result in is far from typical. Just looking at the NHS, we're essentially talking one of the largest government quangos in the world, so I can't even begin to imagine how many external consultants were involved at whatever ridiculous rates they get to charge for "working around the clock" in order to clean this up. You can almost guarantee that the IT services firms involved with the various NHS Trusts that got hit would have seized the opportunity to get as many billable hours on the clock as possible as well, right down to catering staff necessary to keep the actual hands-on IT workers plied with coffee, not to mention all the management effort on the night and in the post-mortems... And that's just the immediate clean-up effort; factor in the on-going involvement of law enforcement and security services, plus the inevitable Official Inquests and reports to government, and you're going to be well into the tens of millions.

      To get back to your analogy, that's like someone smashing a window to grab something left on the seat of an old Ford and the repair bill turning out to be more than a brand new Ferrari... By the time you've included the other major organizations that got hit as well, you're going to be looking at quite the collection of supercars.

      --
      UNIX? They're not even circumcised! Savages!
    4. Re:I normally like Krebs, but... by gnasher719 · · Score: 2

      This is the most idiotic statement I've ever seen him make. It is a good thing if there was little reward, and his implication that he is disappointed that they didn't get more is just mind boggling.

      Your brain doesn't seem to work right. What Krebs dislikes is someone creating tremendous damage for very little gain. What would you prefer: Some pickpocket pulling $20 from your wallet, or some idiot smashing your car windows to steal $20 from the glove compartment, then setting the car on fire to destroy any fingerprints?

  5. Rewarding bad behavior by markdavis · · Score: 4, Insightful

    This is why we should never pay ransomware.

    1) There is a big chance they are not going to unlock your data, anyway.

    2) You don't know if they have also stolen all the data and can then do other things to harm you in other ways. Or left residuals in your computer.

    3) By paying, you are a "mark" so they might go after you again.

    4) Paying absolutely encourages them to continue this behavior and incentivizes others to join them.

    We need to educate everyone: Backup your data redundantly and check it regularly, and don't pay ransomware.

  6. $26k seems like a good ROI by mark_reh · · Score: 4, Insightful

    Until you factor in trying to hide from the FBI/Interpol for the rest of your life. Are you sure those transactions are completely untraceable? Yeah, sure, keep telling yourself that. Sleep well...

    1. Re:$26k seems like a good ROI by JaredOfEuropa · · Score: 4, Informative

      BTC transactions are utterly and completely traceable, that's kind of the point. They are anonymous, though. So what these criminals will do is pay some poor sap to set up a BTC wallet, send the bitcoins to him, let him convert them to currency on his bank account, after which the criminals will simply withdraw the money from an ATM using his card. As long as you have no relationship to the middleman and if he keeps his mouth shut (or better yet: has no clue as to who you are), you're safe. Criminals use this method all the time.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    2. Re:$26k seems like a good ROI by Registered+Coward+v2 · · Score: 2

      Until you factor in trying to hide from the FBI/Interpol for the rest of your life. Are you sure those transactions are completely untraceable? Yeah, sure, keep telling yourself that. Sleep well...

      Not only that, but they've pissed off a number of countries as well; some of whom may not worry as much about some of the niceties of the law.

      In addition, the use of Bitcoin as payment will no doubt result in increased pressure on exchanges to make both parties of a transaction identifiable so that the recipients of ransom payments can be identified and apprehended and payments stopped; so even if they are mules the source of cash is cutoff. At some point exchanges depend on the banking system to convert Bitcoin into other currencies so that is one of the pressure points available to governments to exert control over exchanges.

      --
      I'm a consultant - I convert gibberish into cash-flow.
  7. Re: Good. by Anonymous Coward · · Score: 2

    Who said they had to convert it to cash?

  8. The real question is... by Excelcia · · Score: 5, Insightful

    The real question is why isn't the NSA getting its feet nailed to the floor for this? They discovered (or engineered) a critical weakness in a major operating system, and rather than report it to make sure we are actually safe from this threat, they used it to make malicious software which then got released into the wild and is being used against the world.

    This is the largest breach of trust of any US government agency that I know of, and yet people are just ignoring that aspect of it.

  9. Re:What was the ROI? by arth1 · · Score: 5, Insightful

    Cost to those scammed: huge, potentially millions and maybe a few lives lost or harmed - it hit quite a few hospitals; not that the scammers really care what it cost other people.

    There are also some benefits to society, like boosting emergency preparedness. This has clearly shown how NHS in particular are overly dependent on computer systems, to a point that hospitals can't operate when systems go down. How would they be able to handle a real emergency, like a war?

    Nobody knew, or those who did didn't say anything. Now everybody knows, and there's a chance of vulnerabilities being scrutinized and contingency plans made and tested.

  10. Re:Fiasco .. by arth1 · · Score: 2

    the ransom was around $300 and more than 75000 computers infected..
    That means less than 0.1% paid for decryption ... That's a total fiasco lol,

    Not if this was hacked up by someone without a job or on spare time, using existing resources. Any non-zero profit would then be a win.

  11. Fuck the money, what about the DEATHS? by CFD339 · · Score: 4, Insightful

    People in hospitals did not get care due to this. There was at least one critical stroke response unit that had shut down completely. Medical equipment also relies on computers, some of which were vulnerable. You want to blame the "victims" for un-patched systems? Sure, all systems should be up to date, but that's a bit like blaming the victim of a stray bullet from a gun fight for not wearing combat armor when he went out for a sandwich that day.

    --
    The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
    1. Re:Fuck the money, what about the DEATHS? by Anonymous Coward · · Score: 2, Insightful

      I don't agree with this.

      My guess is why they get caught with this sort of thing so often is their systems are probably frequently using outdated operating systems where they simply can't get patches any more as they're no longer supported. When a piece of equipment costs a million to buy, you're going to use it as long as possible. And when you bought it in 2005 when Windows XP was the latest and greatest, and the manufacturer never released a version of their software for new versions (maybe they went out of business), is the hospital supposed to upgrade it and just hope that the software keeps running? No, the system will just go unsupported.

      The only thing I can think of that's reasonable for hospitals to do that they don't is to keep this sort of machine isolated from the internet. But again, hospitals are in the field of medical help, not IT, so it can be expected that their IT infrastructure may not be the best. And if you think they should be held responsible for not having good IT, well, assuming your specialty is IT, should you be held responsible for your inability to provide quality medical care?

  12. Re:Good. by chill · · Score: 2

    In most cases the financial damage is too small to expend the resources. When the attack is in one jurisdiction, like Europe, with suspected perpetrators out of Russia and Iran, and the BTC account then has funds transferred to Kazakhstan banks and Philippine casinos...

    Just think of the work needed to get all those jurisdictions to cooperate, much less allocate resources, etc. Assuming they cooperate at all.

    Add to that funds can be transferred and withdrawn in literally minutes, and you have a real problem.

    The hack on the Pakistani bank where their SWIFT credentials were compromised and they lost ~$84 million USD saw the majority of the funds transferred to casino accounts in the Philippines. Have a mule waiting to withdraw in chips and deliver a bag full of chips to a waiting recipient, who cashes out and flees to, say, North Korea or anywhere who just doesn't want to cooperate.

    The mule gets $1,000 in cash -- more than he's ever seen at one time in his life. If he gets caught, he was just hired anonymously to make a delivery, so has no info and gets off light, if prosecuted at all.

    You put the effort in for $84 million USD, but $26,000? Screw that. If they didn't hit so many targets this would be filed away and forgotten.

    Western Union, MoneyGram (currently the target of a bidding war for acquisition), casino accounts, or even regular banks just split into dozens, if not hundreds of accounts that can be accessed anywhere in the world by an ATM card, and you have what is really a low risk, high profit criminal enterprise.

    --
    Learning HOW to think is more important than learning WHAT to think.
  13. Seems people are getting a bit smarter by gweihir · · Score: 2

    The good thing here is that people have apparently gotten the message to not ever pay these people. Given that they will be completely destroyed if ever caught and that there is a lot of incentive to catch them, I hope this problem will just vanish over time.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  14. Too many people with nothing to lose by rsilvergun · · Score: 3, Insightful

    there's lots and lots of engineers in China, India & Eastern Europe without much to lose. Their economies have little to no safety net, meaning if you trip up you crash hard. This is one of those consequences of abandoning a good chunk of your population to the forces of nature and the whims of capitalism. There's talk about the US slashing aid to poor middle eastern countries and of Isis et al looking forward to it so they can move on and radicalize the desperate. On a more local scale stuff like this is why we have WIC, so we don't have millions of babies with mental and physical disorders from their developing years.

    I know, I know, I'm politicizing. But the thing is like it or not politics affects everything we do. It's scary how far it's embedded in our lives and nobody likes to acknowledge it...

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  15. 50 Years later we'll learn the NSA was behind this by itwasgreektome · · Score: 4, Interesting

    I think history is gonna show us that we were responsible for the Wana attack. It didn't cross my mind until I heard on NPR that Russia was the county that suffered from the attack the most- even getting into government computers. The Shadow Brokers released this trove of hacking tools a little while ago. This meant the door on using this exploit was going to start closing slowly. We also knew that hackers would take advantage of this exploit. So why wouldn't the US Govt, under the guise of a random hacker, use this exploit to garner as much info as possible on Russia while it was still possible? Remember that Obama told Russia that we would get them back, at the time and date of our choosing. And this would explain why the built in shutdown was hidden in the code- I wouldn't be surprised if that 20 something year old security researcher wasn't tipped off to register that domain name once we'd gotten access to some of Russia's infrastructure, to mitigate collateral damage to the innocent bystanders. That would explain why they "only" got $26k, if their M.O. was to make money there would have been zero reason to include a kill switch in the code.