Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attackers DDoS WannaCry Kill Switch (venturebeat.com)

Posted by EditorDavid on from the black-hats-vs-white-hats dept.

An anonymous reader quotes VentureBeat: As of late Friday, after many of the deadlines threatening data deletion had passed, few victims had paid ransoms. According to Elliptic Enterprises, only about $94,000 worth of ransoms had been paid via Bitcoin, which works out to less than one in a thousand of the 300,000 victims who were reportedly affected by WannaCry... While not as bad as feared, ransomware (not to mention cybersecurity threats in general) isn't going away. Wired reported that the domain registered by Hutchins has been under intense denial-of-service attacks delivered by an army of IoT devices marshalled, zombie-like, by Mirai.

36 of 73 comments (clear)

  1. Re:Trump by Anonymous Coward · · Score: 1

    The problem with democracy is voters are sports fans and they turn every election into a team sporting match.

  2. Wonderful by somenickname · · Score: 1

    If I had the money to borrow Mirai, I can't imagine a more amusing thing to do than to poke holes in the WannaCry Dam. I tip my hat to whoever is behind this evil scheme.

    1. Re:Wonderful by rholtzjr · · Score: 1

      That would probably be like borrowing from yourself. The people who have control of the Mirai network are probably the ones initiating the WannaCry. Find them and you could kill two birds with one stone.

  3. Typical Rate by mentil · · Score: 4, Informative

    Less than one in a thousand is a typical 'success' rate for any scam. Given that this is a worm, the cost of propagating to those 300k devices was almost nil after it was done being coded. Considering the attack used publicly-released exploits, pretty much every other component could've been sitting in a drawer using 95% reused code chunks.

    It's not like Silicon Valley contractors were paid to code this thing, some 3rd-world hacker (possibly unemployed) threw it together; the cost of creation is way under $94k, I suspect. The NSA probably paid 10x that to find the exploits, and who knows if they ever got to use them.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    1. Re:Typical Rate by Anonymous Coward · · Score: 1

      You're funny because you think Silicon Valley contractors aren't 3rd-world hackers.

  4. Re:Just when you think there can't be a bigger jer by __aaclcg7560 · · Score: 1

    Law of Large Numbers?
    https://en.wikipedia.org/wiki/Law_of_large_numbers

  5. I thought it just resolved the domain name? by Anonymous Coward · · Score: 2, Informative

    I thought the "kill switch" just attempted to resolve the domain name which is why just registering the name was enough to activate it. If that's the case, what's the point of the DDoS other than just being a dick overall?

    1. Re: I thought it just resolved the domain name? by Brockmire · · Score: 1

      If the name servers go off line, won't they eventually expire out of DNS servers and accomplish the same thing of unregistered?

    2. Re:I thought it just resolved the domain name? by Sarten-X · · Score: 2

      No. It actually makes a full HTTP request, and requires a good response. I believe MalwareTech originally even said that the killswitch was fragile, and he tried to make it somewhat resilient, but it's not a cure. It holds off the payload, but is absolutely not an excuse to avoid patching, updating, and disinfecting your systems.

      --
      You do not have a moral or legal right to do absolutely anything you want.
  6. Re:Trump by ArmoredDragon · · Score: 2, Insightful

    Between antifa's brown shirt tactics (literally, they wear actual brown shirts while parading around with weapons and threatening people) and people like yourself that can't stop obsessing over that idiot, I'm thinking Trump is the least of our problems.

  7. success by Tom · · Score: 4, Interesting

    $94k is not a bad payout. Sure they hoped for more, and the worm was very successful and could've yielded more. But publicity is the enemy of every good scam, so typically, they actually do not want their scam to make headlines.

    Given all that, they still made the equivalent of a yearly salary on this thing, and without the inconvenience of paying taxes or having to show up in the office. Any indy mobile games developer would be happy with getting that return from a game.

    Ransomware is here to stay. But maybe with the large number of victims this time, people will actually demand that software vendors start to provide something that is better than utter crap? That we have a very serious issue in software quality and we can't afford to bet our economy, social networks and basically all of civilisation on something that's made cheap and fast (you know the third that wasn't picked).

    We need some basics done right in software, and that means re-engineering a big part of it. We need to understand trust levels, MLS or its variants. We need to get away from the user model we have, where users are treated as either complete idiots or all-knowing gods. We need to get our shit sorted out instead of pushing the next shoddy "disrupting product" out the door in search of a quick buck and a profitable IPO.

    Maybe if something besides $$$ still had a value in this society...

    --
    Assorted stuff I do sometimes: Lemuria.org
    1. Re:success by mentil · · Score: 1

      We need some basics done right in software,

      While I agree with your sentiment, let's not forget that these were stolen NSA exploits. Even if the security bar were raised substantially, the NSA will still be willing to throw billions in taxpayer dollars at finding exploits and creating complex implants. If those expensive top-shelf exploits are released into the wild by crackers who stole them, other malware authors will happily use them for random mundane stuff like ransomware. Just wait until ransomware starts flashing itself into device firmware so it can't be easily removed. "This monitor I found in a parking lot infected my desktop, and I started having keyboard problems, it'd randomly type 'hacked by Chinese' and the '4' key was disabled. I plugged the keyboard into my laptop to see if it'd work fine there, and it infected my laptop."

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    2. Re:success by Anonymous Coward · · Score: 1

      $94k isn't a lot of money, considering the coder behind WannaCry made pretty much every mistake in the book. He hardcoded a killswitch URL without owning the URL. He coded in a single bitcoin wallet so there's no way to tell which victim paid off the ransom. I doubt the author of this crap also wrote the exploit code, which by reports is highly sophisticated. That means he almost certainly bought the exploit code. Add this to the cost of renting a Mirai botnet, the author's hemorrhaging money fast.

      While I don't know the going value of a sophisticated exploit that's only been in the wild a month, or the cost of the DDoS, I expect the bill is in the tens of thousands. The hacker's also made himself public enemy #1 by having a worm that hit many major facilities including hospitals. No one's going to care that the worm did very little damage because it was incompetently coded. They're going to go after this guy hard in the hopes of making the next guy think twice.

      It'd definitely be nice if we had better OS models and if the IoT wasn't such a cesspool. But re-engineering the foundations of modern software and firmware? Not going to happen any time soon.

    3. Re:success by Highdude702 · · Score: 1

      You dont have to buy what has been publicly released on the internet. Have you ever heard of piracy?

    4. Re:success by Computershack · · Score: 2

      Given all that, they still made the equivalent of a yearly salary on this thing, and without the inconvenience of paying taxes or having to show up in the office.

      Difference is that they're going to have to look over their shoulders and it is likely that they'll never be able to claim that Bitcoin because the intelligence services will be monitoring it. When you fuck with a nation's national health service disrupting the medical treatment of millions of people, some of it for things like cancer treatments, and that nation has GCHQ at its disposal and access to the US intelligence network you need to be seriously fucking careful you do a damned good job of covering your tracks.

      --
      I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
    5. Re:success by Anonymous Coward · · Score: 1

      Seriously, they're going to lose a third of the money channeling it (slowly, in batches) through multiple bitcoin laundering services, then dump it (again, slowly and in differently sized batches) into a bank account in a country that doesn't share much data with the UK/US/etc. There are better ways for a good developer to make money than something like this, even in a poor country. This was most likely considered a disaster by whoever created it.

    6. Re:success by Tom · · Score: 1

      You sure the government cares so much? As long as they didn't hit the GCHQ itself, I'm not sure they'll got out of their way to find them.

      --
      Assorted stuff I do sometimes: Lemuria.org
    7. Re:success by ebvwfbw · · Score: 1

      They were too cocky. Wannacry? Just begs for clickbait. Everyone wanted to see if there was any carnage. Should have named it Sugarpops or FreeHealthCare, nobody would have looked then.

  8. I guess... by ameyer17 · · Score: 1

    Criminals gonna criminal.

    Seriously, though, the makers of the ransomware are criminals. It's not entirely unrealistic to think they're also the type who would DDoS.

    And the DDoS is probably less of a crime than the ransomware.

    All of this assumes that the (in my opinion likely) possibility that the DDoS and ransomware are coming from the same person or people.

  9. Automatic updates are a pain by Vadim+Makarov · · Score: 3, Insightful

    As the article points out, a big part of the reason is that people disable automatic updates. This should never be done, but I can understand. Automatic updates are rude. They change and break things. Windows updates got kinda nicer last few years (after you disable automatic reboot http://www.makeuseof.com/tag/d... ), but all other software updates are still crap. Every time I run a third-party sofware update (Adobe, Flash, etc.), it breaks and resets things. No I don't want a new UI for Acrobat that makes the icons twice the size (nope, forced). No I don't want the load-at-boot reinstalled (nope. reinstalled. fire msconfig and regedit to get rid of it). No I don't want to reinstall the auto-update (ditto). No I don't want my print settings reset to default (nope, done). And crap like that, every time. This is a price for security that we should not have to pay.

    --
    17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
    1. Re:Automatic updates are a pain by drinkypoo · · Score: 1

      Windows updates got kinda nicer last few years (after you disable automatic reboot http://www.makeuseof.com/tag/d... ), but all other software updates are still crap.

      Every time I run Windows updates, I then have to run a script to rip Telemetry out of my Windows. So, no. Windows updates are now malware. That's not better. You are suffering from Stockholm syndrome.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re: Automatic updates are a pain by orlanz · · Score: 1

      The problem is that software vendors have lost customer trust and they aren't even working on getting it back. Historically, updates, upgrades, and new features were separate things. When companies started to think "How do we monotize our current user base?" that things went to shit.

      Now features, mostly unwanted, are being shoved down the update channel. All it really accomplishes over time is making the update channel the same as a forced upgrade/feature channel. Something that most people just don't want.

    3. Re: Automatic updates are a pain by Highdude702 · · Score: 1

      You are correct. And there is only one way to get them to change that. Instead of paying for the inferior software they provide.. Bootleg it. Fuck them, They can have their money when they act right. Until that day i will never give another penny to a software vendor.

    4. Re:Automatic updates are a pain by Vadim+Makarov · · Score: 1

      I am talking about my own experience (Win 7) and I compare Windows updates to other vendor's updates. Okay I agree with you, now I remember, Windows update probably broke one thing in my computer and it can no longer hybernate correctly. That happened on travel and caused me a day of mess. I'd blame that on buggy Apple's drivers for macbook, though. (That's another compromise.)

      The problem is, not letting it update is even worse. I did that for a while years ago, then had to reinstall the OS from scratch as it got thoroughly infected.

      --
      17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
    5. Re:Automatic updates are a pain by WhoBeDaPlaya · · Score: 1

      It comes down to who you prefer f*cking you - Satya Nadella, or a random script kiddy.

    6. Re:Automatic updates are a pain by Vadim+Makarov · · Score: 1

      Thanks. Seriously, that's another compromise. I tried to switch to Linux twice, with several years in between. Both times it ended up in a UI and experience disaster, I lost work files and/or OS installation within days of starting it. I don't think I am sufficiently geeky, or non-dumbass as you say, to manage Linux on a personal computer. We run it on lab servers and there it's good but, in my experience, it's too much of a geekhole for the PC used by non-programmers.

      --
      17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
  10. Re:Trump by rholtzjr · · Score: 1

    Don't worry, AI will save us. I keep having flashbacks to the late 70's show with Gil Gerard and Erin Gray listening to Theo explain diplomacy to ignorant masses .

  11. Re:Just when you think there can't be a bigger jer by fisted · · Score: 1

    you honestly believe this isn't the original jerk behind the ddos?

    --
    CLI paste? paste.pr0.tips!
  12. Re:WannaCry or WannaCrypt by Highdude702 · · Score: 1

    It has always been WannaCrypt, WannaCry for short.. see it now?

  13. Re:Trump by Anonymous Coward · · Score: 1

    Antifa's are a strawman being stood up being the alt-right as something to make them look like the victim. They aren't a serious movement.

  14. They DDoSed ... by PPH · · Score: 3, Insightful

    ... a HOSTS file?

    --
    Have gnu, will travel.
  15. Before Bitcoin it was Ukash and Paysafe by duguk · · Score: 2

    That's bullshit! Reveton back in 2012 used to demand Ukash or Paysafecard.

    1. Re:Before Bitcoin it was Ukash and Paysafe by TheFakeTimCook · · Score: 1

      That's bullshit! Reveton back in 2012 used to demand Ukash or Paysafecard.

      Ok, so that's one.

      Name 3 others and I'll believe you. And they can't be variants of Reveton.

  16. Re:Just when you think there can't be a bigger jer by zerocool512 · · Score: 2

    The Dragonball Law?

    --
    If techs didn't disagree with each other, then Microsoft would rule the world.
  17. Re:So what does this mean ? by ebvwfbw · · Score: 1

    Sure. It's a business. They invested the time to make a virus that works, why not try to make as much money off it as they can. I'm surprised they haven't re-launched it. New kill switch.

  18. Re:Trump by peawormsworth · · Score: 1

    Trump's a bitch but not a bigger bitch than his pathetic voters.

    I know. It's like he's always crying right?

    "Boo Woo. Poor me. Nobody's fair to me. This is a witch hunt." And on and on.

    He never misses a moment to let us know how difficult life is for him. And he's got the look of someone who cries every night. Such weak talk. Poor little underdog.

    Just look at his wife. You can just see that she is sick of hearing his whining at night and crying into pillows.