Slashdot Mirror


Attackers DDoS WannaCry Kill Switch (venturebeat.com)

An anonymous reader quotes VentureBeat: As of late Friday, after many of the deadlines threatening data deletion had passed, few victims had paid ransoms. According to Elliptic Enterprises, only about $94,000 worth of ransoms had been paid via Bitcoin, which works out to less than one in a thousand of the 300,000 victims who were reportedly affected by WannaCry... While not as bad as feared, ransomware (not to mention cybersecurity threats in general) isn't going away. Wired reported that the domain registered by Hutchins has been under intense denial-of-service attacks delivered by an army of IoT devices marshalled, zombie-like, by Mirai.

73 comments

  1. Just when you think there can't be a bigger jerk, by Anonymous Coward · · Score: 0

    ... a bigger one appears! It's almost like it's a law.

  2. Re:Trump by Anonymous Coward · · Score: 1

    The problem with democracy is voters are sports fans and they turn every election into a team sporting match.

  3. Wonderful by somenickname · · Score: 1

    If I had the money to borrow Mirai, I can't imagine a more amusing thing to do than to poke holes in the WannaCry Dam. I tip my hat to whoever is behind this evil scheme.

    1. Re:Wonderful by Anonymous Coward · · Score: 0

      You are not very creative... haha!

    2. Re:Wonderful by Anonymous Coward · · Score: 0

      You do realize that DDoSing the server doesn't do shit to the DNS entry, right?

    3. Re:Wonderful by rholtzjr · · Score: 1

      That would probably be like borrowing from yourself. The people who have control of the Mirai network are probably the ones initiating the WannaCry. Find them and you could kill two birds with one stone.

    4. Re:Wonderful by Anonymous Coward · · Score: 0

      If you're talking about WannaCry, the self-disabling function isn't DNS based, it requires a (any) positive HTTP response from the sinkhole server. Without an HTTP response, it continues on. Exhausting the sinkhole's ability to process HTTP requests is unfortunately an effective measure.

  4. Typical Rate by mentil · · Score: 4, Informative

    Less than one in a thousand is a typical 'success' rate for any scam. Given that this is a worm, the cost of propagating to those 300k devices was almost nil after it was done being coded. Considering the attack used publicly-released exploits, pretty much every other component could've been sitting in a drawer using 95% reused code chunks.

    It's not like Silicon Valley contractors were paid to code this thing, some 3rd-world hacker (possibly unemployed) threw it together; the cost of creation is way under $94k, I suspect. The NSA probably paid 10x that to find the exploits, and who knows if they ever got to use them.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    1. Re:Typical Rate by Anonymous Coward · · Score: 1

      You're funny because you think Silicon Valley contractors aren't 3rd-world hackers.

    2. Re:Typical Rate by Anonymous Coward · · Score: 0

      haHA! they took your jobs!

    3. Re:Typical Rate by Anonymous Coward · · Score: 0

      In Soviet America, hacker 3rd-worlds YOU!

    4. Re:Typical Rate by Anonymous Coward · · Score: 0

      Can confirm. Am 3rd world hacker working for Silicon Valley.

  5. Re:Just when you think there can't be a bigger jer by Anonymous Coward · · Score: 0

    I don't know the name of the law, but there must be one.

  6. Re:Just when you think there can't be a bigger jer by __aaclcg7560 · · Score: 1
  7. ROI (Return of Investment) by Anonymous Coward · · Score: 0

    Probably the author of this new WannaCry worm/ransomware has calculated the ROI if they kept on DDoS'ing the kill switch because many infections wreak havoc to victims and they would pay the ransom. Keep on DDoS'ing until it is not responsive, hence all the new infections would trigger. Would be logical to conclude that the guy who is DDoS'ing is the guy who built WannaCrypt worm/ransomware. Probably renting the botnet is cheap, once the cashflow (bitcoins) keeps coming in from victims of Wcry.

  8. I thought it just resolved the domain name? by Anonymous Coward · · Score: 2, Informative

    I thought the "kill switch" just attempted to resolve the domain name which is why just registering the name was enough to activate it. If that's the case, what's the point of the DDoS other than just being a dick overall?

    1. Re: I thought it just resolved the domain name? by Brockmire · · Score: 1

      If the name servers go off line, won't they eventually expire out of DNS servers and accomplish the same thing of unregistered?

    2. Re:I thought it just resolved the domain name? by Sarten-X · · Score: 2

      No. It actually makes a full HTTP request, and requires a good response. I believe MalwareTech originally even said that the killswitch was fragile, and he tried to make it somewhat resilient, but it's not a cure. It holds off the payload, but is absolutely not an excuse to avoid patching, updating, and disinfecting your systems.

      --
      You do not have a moral or legal right to do absolutely anything you want.
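
The distinction drawn in this sub-thread (the name resolving versus the sinkhole actually returning a good HTTP response), as an added example that is not part of any comment: a defender-side probe that reports which of those states an endpoint is in, run against constructed local servers. The host `killswitch.invalid`, the loopback test servers and all function names are assumptions; the real kill-switch domain is not given on this page.

```python
import http.client
import socket
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Direct connections only: ignore any proxy configured in the environment.
_DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(host, port=80, timeout=3.0, resolve=socket.getaddrinfo):
    """Classify a kill-switch/sinkhole endpoint as seen from this machine.

    dns_fail   - the name does not resolve
    no_http    - the name resolves, but no HTTP response arrives
    http_error - an HTTP response arrives with a 4xx/5xx status
    http_ok    - an HTTP response arrives with a success status
    """
    try:
        resolve(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return "dns_fail"
    try:
        with _DIRECT.open(f"http://{host}:{port}/", timeout=timeout) as resp:
            resp.read(1)
        return "http_ok"
    except urllib.error.HTTPError:      # must precede URLError (its parent)
        return "http_error"
    except (urllib.error.URLError, http.client.HTTPException, OSError):
        return "no_http"


def _handler(status):
    """Build a request handler that answers every GET with `status`."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):   # keep the demo quiet
            pass
    return Handler


def demo():
    """Run the probe against constructed endpoints on the loopback interface."""
    results = {}
    for label, status in (("answering", 200), ("overloaded_503", 503)):
        srv = HTTPServer(("127.0.0.1", 0), _handler(status))
        port = srv.server_address[1]
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        results[label] = probe("127.0.0.1", port)
        srv.shutdown()
        srv.server_close()
    # Address still valid, but nothing accepts connections any more.
    results["not_answering"] = probe("127.0.0.1", port)

    def nxdomain(*args, **kwargs):      # simulated resolver failure
        raise socket.gaierror(socket.EAI_NONAME, "simulated NXDOMAIN")

    # Placeholder name; the resolver is stubbed so the demo runs offline.
    results["name_gone"] = probe("killswitch.invalid", resolve=nxdomain)
    return results


if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case:15} {state}")
```

Only the `http_ok` state matches what the comments above describe as the condition that holds off the payload; a resolvable name whose server is too overloaded to answer lands in `no_http`.
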
  9. Re:Trump by ArmoredDragon · · Score: 2, Insightful

    Between antifa's brown shirt tactics (literally, they wear actual brown shirts while parading around with weapons and threatening people) and people like yourself that can't stop obsessing over that idiot, I'm thinking Trump is the least of our problems.

  10. Lol awesome by Anonymous Coward · · Score: 0

    Grab some popcorn. There's enough to go around.

  11. Re:Trump by Anonymous Coward · · Score: 0

    if only we could decide which manning to vote into the white house -- i'd vote archie, btw.

    captcha: finder

  12. success by Tom · · Score: 4, Interesting

    $94k is not a bad payout. Sure they hoped for more, and the worm was very successful and could've yielded more. But publicity is the enemy of every good scam, so typically, they actually do not want their scam to make headlines.

    Given all that, they still made the equivalent of a yearly salary on this thing, and without the inconvenience of paying taxes or having to show up in the office. Any indy mobile games developer would be happy with getting that return from a game.

    Ransomware is here to stay. But maybe with the large number of victims this time, people will actually demand that software vendors start to provide something that is better than utter crap? That we have a very serious issue in software quality and we can't afford to bet our economy, social networks and basically all of civilisation on something that's made cheap and fast (you know the third that wasn't picked).

    We need some basics done right in software, and that means re-engineering a big part of it. We need to understand trust levels, MLS or its variants. We need to get away from the user model we have, where users are treated as either complete idiots or all-knowing gods. We need to get our shit sorted out instead of pushing the next shoddy "disrupting product" out the door in search of a quick buck and a profitable IPO.

    Maybe if something besides $$$ still had a value in this society...

    --
    Assorted stuff I do sometimes: Lemuria.org
    1. Re:success by mentil · · Score: 1

      We need some basics done right in software,

      While I agree with your sentiment, let's not forget that these were stolen NSA exploits. Even if the security bar were raised substantially, the NSA will still be willing to throw billions in taxpayer dollars at finding exploits and creating complex implants. If those expensive top-shelf exploits are released into the wild by crackers who stole them, other malware authors will happily use them for random mundane stuff like ransomware. Just wait until ransomware starts flashing itself into device firmware so it can't be easily removed. "This monitor I found in a parking lot infected my desktop, and I started having keyboard problems, it'd randomly type 'hacked by Chinese' and the '4' key was disabled. I plugged the keyboard into my laptop to see if it'd work fine there, and it infected my laptop."

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    2. Re:success by Anonymous Coward · · Score: 1

      $94k isn't a lot of money, considering the coder behind WannaCry made pretty much every mistake in the book. He hardcoded a killswitch URL without owning the URL. He coded in a single bitcoin wallet so there's no way to tell which victim paid off the ransom. I doubt the author of this crap also wrote the exploit code, which by reports is highly sophisticated. That means he almost certainly bought the exploit code. Add this to the cost of renting a Mirai botnet, the author's hemorrhaging money fast.

      While I don't know the going value of a sophisticated exploit that's only been in the wild a month, or the cost of the DDoS, I expect the bill is in the tens of thousands. The hacker's also made himself public enemy #1 by having a worm that hit many major facilities including hospitals. No one's going to care that the worm did very little damage because it was incompetently coded. They're going to go after this guy hard in the hopes of making the next guy think twice.

      It'd definitely be nice if we had better OS models and if the IoT wasn't such a cesspool. But re-engineering the foundations of modern software and firmware? Not going to happen any time soon.

    3. Re:success by Highdude702 · · Score: 1

      You don't have to buy what has been publicly released on the internet. Have you ever heard of piracy?

    4. Re:success by Computershack · · Score: 2

      Given all that, they still made the equivalent of a yearly salary on this thing, and without the inconvenience of paying taxes or having to show up in the office.

      Difference is that they're going to have to look over their shoulders and it is likely that they'll never be able to claim that Bitcoin because the intelligence services will be monitoring it. When you fuck with a nation's national health service disrupting the medical treatment of millions of people, some of it for things like cancer treatments, and that nation has GCHQ at its disposal and access to the US intelligence network you need to be seriously fucking careful you do a damned good job of covering your tracks.

      --
      I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
    5. Re:success by Anonymous Coward · · Score: 1

      Seriously, they're going to lose a third of the money channeling it (slowly, in batches) through multiple bitcoin laundering services, then dump it (again, slowly and in differently sized batches) into a bank account in a country that doesn't share much data with the UK/US/etc. There are better ways for a good developer to make money than something like this, even in a poor country. This was most likely considered a disaster by whoever created it.

    6. Re:success by Tom · · Score: 1

      You sure the government cares so much? As long as they didn't hit the GCHQ itself, I'm not sure they'll go out of their way to find them.

      --
      Assorted stuff I do sometimes: Lemuria.org
    7. Re:success by Tom · · Score: 0

      While I agree with your sentiment, let's not forget that these were stolen NSA exploits.

      Even the NSA can only find what's there. We can raise the software quality (i.e. lower the bug count) by at least two orders of magnitude, this has been demonstrated. It is more expensive, but not that much (not even one order of magnitude).

      We just don't because making a quick buck before the shit hits the fan is still a viable business model.

      --
      Assorted stuff I do sometimes: Lemuria.org
    8. Re:success by ebvwfbw · · Score: 1

      They were too cocky. Wannacry? Just begs for clickbait. Everyone wanted to see if there was any carnage. Should have named it Sugarpops or FreeHealthCare, nobody would have looked then.

  13. I guess... by ameyer17 · · Score: 1

    Criminals gonna criminal.

    Seriously, though, the makers of the ransomware are criminals. It's not entirely unrealistic to think they're also the type who would DDoS.

    And the DDoS is probably less of a crime than the ransomware.

    All of this assumes the (in my opinion likely) possibility that the DDoS and ransomware are coming from the same person or people.

  14. Automatic updates are a pain by Vadim+Makarov · · Score: 3, Insightful

    As the article points out, a big part of the reason is that people disable automatic updates. This should never be done, but I can understand. Automatic updates are rude. They change and break things. Windows updates got kinda nicer last few years (after you disable automatic reboot http://www.makeuseof.com/tag/d... ), but all other software updates are still crap. Every time I run a third-party software update (Adobe, Flash, etc.), it breaks and resets things. No I don't want a new UI for Acrobat that makes the icons twice the size (nope, forced). No I don't want the load-at-boot reinstalled (nope. reinstalled. fire msconfig and regedit to get rid of it). No I don't want to reinstall the auto-update (ditto). No I don't want my print settings reset to default (nope, done). And crap like that, every time. This is a price for security that we should not have to pay.

    --
    17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
    1. Re:Automatic updates are a pain by drinkypoo · · Score: 1

      Windows updates got kinda nicer last few years (after you disable automatic reboot http://www.makeuseof.com/tag/d... ), but all other software updates are still crap.

      Every time I run Windows updates, I then have to run a script to rip Telemetry out of my Windows. So, no. Windows updates are now malware. That's not better. You are suffering from Stockholm syndrome.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re: Automatic updates are a pain by orlanz · · Score: 1

      The problem is that software vendors have lost customer trust and they aren't even working on getting it back. Historically, updates, upgrades, and new features were separate things. When companies started to think "How do we monetize our current user base?" that things went to shit.

      Now features, mostly unwanted, are being shoved down the update channel. All it really accomplishes over time is making the update channel the same as a forced upgrade/feature channel. Something that most people just don't want.

    3. Re: Automatic updates are a pain by Highdude702 · · Score: 1

      You are correct. And there is only one way to get them to change that. Instead of paying for the inferior software they provide.. Bootleg it. Fuck them, They can have their money when they act right. Until that day i will never give another penny to a software vendor.

    4. Re:Automatic updates are a pain by Anonymous Coward · · Score: 0

      Windows updates got kinda nicer last few years

      What are you smoking, plenty of breakage in the last years, including the infamous stuck update on win7, uses up most resources of low-end machines and requires manual intervention.

    5. Re:Automatic updates are a pain by Vadim+Makarov · · Score: 1

      I am talking about my own experience (Win 7) and I compare Windows updates to other vendors' updates. Okay I agree with you, now I remember, Windows update probably broke one thing in my computer and it can no longer hibernate correctly. That happened on travel and caused me a day of mess. I'd blame that on buggy Apple's drivers for macbook, though. (That's another compromise.)

      The problem is, not letting it update is even worse. I did that for a while years ago, then had to reinstall the OS from scratch as it got thoroughly infected.

      --
      17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
    6. Re:Automatic updates are a pain by Anonymous Coward · · Score: 0

      So stop running Windows and/or shit software, dumbass!

    7. Re:Automatic updates are a pain by WhoBeDaPlaya · · Score: 1

      It comes down to who you prefer f*cking you - Satya Nadella, or a random script kiddy.

    8. Re:Automatic updates are a pain by Vadim+Makarov · · Score: 1

      Thanks. Seriously, that's another compromise. I tried to switch to Linux twice, with several years in between. Both times it ended up in a UI and experience disaster, I lost work files and/or OS installation within days of starting it. I don't think I am sufficiently geeky, or non-dumbass as you say, to manage Linux on a personal computer. We run it on lab servers and there it's good but, in my experience, it's too much of a geekhole for the PC used by non-programmers.

      --
      17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
  15. So what does this mean ? by Anonymous Coward · · Score: 0

    Somebody wants wannacry to continue spreading by making it seem the domain is not there ? Hmm...

    1. Re:So what does this mean ? by ebvwfbw · · Score: 1

      Sure. It's a business. They invested the time to make a virus that works, why not try to make as much money off it as they can. I'm surprised they haven't re-launched it. New kill switch.

  16. WannaCry or WannaCrypt by Anonymous Coward · · Score: 0

    So which is it called, WannaCry or WannaCray or WannaCrypt? Why does the name keep changing?

    1. Re:WannaCry or WannaCrypt by Anonymous Coward · · Score: 0

      same reason russian porn actresses have a dozen different names.

    2. Re:WannaCry or WannaCrypt by Highdude702 · · Score: 1

      It has always been WannaCrypt, WannaCry for short.. see it now?

  17. Re:Trump by Anonymous Coward · · Score: 0

    It's funny how this was never an issue before voters rejected Saint Hillary the Ceiling-Shatterer. Before that rank partisanship was A-OK. I guess if democracy keeps making wrong decisions, we'll have to get rid of it in favor of a technocracy that makes the hard decisions for us. And that's never been tried before, comrade?

  18. Re: Trump by Anonymous Coward · · Score: 0

    Probably not as much as fascist, hate monger, resist at any cost to any who oppose your ideology.

    Captcha: Small Intellect

  19. Re:Trump by rholtzjr · · Score: 1

    Don't worry, AI will save us. I keep having flashbacks to the late 70's show with Gil Gerard and Erin Gray listening to Theo explain diplomacy to ignorant masses.

  20. Re:Just when you think there can't be a bigger jer by Anonymous Coward · · Score: 0

    Betterjerks Law

  21. Re:Trump by Anonymous Coward · · Score: 0

    i would agree, except for the fact that the idiot Trump is dangerous to each and every one of us. Some obsessing is required or that stupid fuck will run amuck unchallenged.

  22. Re:Just when you think there can't be a bigger jer by fisted · · Score: 1

    you honestly believe this isn't the original jerk behind the ddos?

  23. Ok,we traded privacy for security by Anonymous Coward · · Score: 0

    where's the security?

    These folks don't seem to be all that sophisticated.
    They are using stuff made by somebody else.
    They didn't do so good with the bitcoin wallets.
    They likely exposed themselves when they reintroduced the virus without the kill switch.
    And they are likely doing it again with this DDoS.

    If the TLA's can't catch this group of bad guys, then why are they getting to collect so much information?
    It's just not healthy for a Democracy.

  24. Re:Trump by Anonymous Coward · · Score: 0

    Between antifa's brown shirt tactics (literally, they wear actual brown shirts while parading around with weapons and threatening people) and people like yourself that can't stop obsessing over that idiot, I'm thinking Trump is the least of our problems.

    Yes, because the stooge in the Oval Office isn't consequential at all.

    Actually, Trump would still be consequential even if he wasn't, because he's been a turd burdening America for decades, as evidenced by his history of malfeasance. He's stolen millions from innocent people, as his most recent lawsuit settlement shows.

    In comparison, a few Internet people are hardly a concern.

    But it's ok, you want to worry about the Internet folks. Not the Great Orange Troll. That's fair.

  25. Re: Protect yourself vs. SMB1 attacks easily by Anonymous Coward · · Score: 0

    Go away troll

  26. Re: Protect yourself vs. SMB1 attacks easily by Anonymous Coward · · Score: 0

    I installed this crap DNS thing from APK, and I got infected by WannaCry. Watch out

  27. Re:Trump by Anonymous Coward · · Score: 1

    Antifa's are a strawman being stood up by the alt-right as something to make them look like the victim. They aren't a serious movement.

  28. I don't do a DNS & my work's safe/clean by Anonymous Coward · · Score: 0

    See subject & proof my code's AUDITED by Malwarebytes' hpHosts & is clean/safe (they wouldn't host it otherwise much less recommend it as they do along w/ hostman)

    &

    It's proven safe/clean by ~60 antivirus programs too https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ in

      APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    * So who are you TRYING to "fool"? Yourself??

    APK

    P.S.=> Get on topic, grow up & quit stalking/harassing me by your UNIDENTIFIABLE trolling worm "ne'er-do-well" posts you do - ok??? Get professional psychiatric help: You CLEARLY require it loony bird... apk

  29. All car has always a backdoor, the 3rd or 5th door by Anonymous Coward · · Score: 0

    It's not enough. It doesn't block the financial service to the criminals.

    To be precise, DDOS (by names, IPv4/IPv6 addresses and unbound addresses) to Bitcoin's and Tor's servers is the main deterrent objective instead of attacking uselessly one domain registered by this boy.

    If the DNS root servers don't do the job of cooperating or prosecuting to the criminals then they might probably be the next targets or not. It depends of the complexity of the ransomwares.

  30. They DDoSed ... by PPH · · Score: 3, Insightful

    ... a HOSTS file?

    --
    Have gnu, will travel.
  31. Kill Bitcoin, Kill Ransomware by TheFakeTimCook · · Score: 0

    Simple as that.

    The world never (or almost never) had such a thing as Ransomware until untraceable, auto-laundering methods of payment like Bitcoin.

    Even cash is traceable, because you have to send it somewhere!

    Stop Bitcoin, and its ilk, and you will take the "Ransom" motive out of "Ransomware". Just. Like. That.

    1. Re:Kill Bitcoin, Kill Ransomware by Anonymous Coward · · Score: 0

      until untraceable, auto-laundering methods of payment like Bitcoin.

      It's a widely held misconception that Bitcoin transactions are "untraceable". The ledger of all Bitcoin transactions *ever* is P-U-B-L-I-C. All it takes is a search algorithm to walk the transactions to find out which address paid which other address what and when. If they can find the real identity of anyone you've ever paid or been paid by, they can work those leads to get to you. Pissing off governments is a good way to find out just how traceable Bitcoin really is, which is to say very.

  32. Re: Trump by Anonymous Coward · · Score: 0

    The people love him.

  33. Before Bitcoin it was Ukash and Paysafe by duguk · · Score: 2

    That's bullshit! Reveton back in 2012 used to demand Ukash or Paysafecard.

    1. Re:Before Bitcoin it was Ukash and Paysafe by TheFakeTimCook · · Score: 1

      That's bullshit! Reveton back in 2012 used to demand Ukash or Paysafecard.

      Ok, so that's one.

      Name 3 others and I'll believe you. And they can't be variants of Reveton.

  34. Re: Trump by Anonymous Coward · · Score: 0

    Some stupid people love him. Some non-stupid rich people love him.

  35. Re:Just when you think there can't be a bigger jer by zerocool512 · · Score: 2

    The Dragonball Law?

    --
    If techs didn't disagree with each other, then Microsoft would rule the world.
  36. Re: Trump by Anonymous Coward · · Score: 0

    Open borders! Convert to Islam. Sharia law. Slap those loud mouth women down. Finally we can. Second class people.

  37. Re:Trump by peawormsworth · · Score: 1

    Trump's a bitch but not a bigger bitch than his pathetic voters.

    I know. It's like he's always crying right?

    "Boo Woo. Poor me. Nobody's fair to me. This is a witch hunt." And on and on.

    He never misses a moment to let us know how difficult life is for him. And he's got the look of someone who cries every night. Such weak talk. Poor little underdog.

    Just look at his wife. You can just see that she is sick of hearing his whining at night and crying into pillows.