Attackers DDoS WannaCry Kill Switch

An anonymous reader quotes VentureBeat: As of late Friday, after many of the deadlines threatening data deletion had passed, few victims had paid ransoms. According to Elliptic Enterprises, only about $94,000 worth of ransoms had been paid via Bitcoin, which works out to less than one in a thousand of the 300,000 victims who were reportedly affected by WannaCry... While not as bad as feared, ransomware (not to mention cybersecurity threats in general) isn't going away. Wired reported that the domain registered by Hutchins has been under intense denial-of-service attacks delivered by an army of IoT devices marshalled, zombie-like, by Mirai.

Typical Rate

[mentil]

Less than one in a thousand is a typical 'success' rate for any scam. Given that this is a worm, the cost of propagating to those 300k devices was almost nil after it was done being coded. Considering the attack used publicly-released exploits, pretty much every other component could've been sitting in a drawer using 95% reused code chunks.

It's not like Silicon Valley contractors were paid to code this thing, some 3rd-world hacker (possibly unemployed) threw it together; the cost of creation is way under $94k, I suspect. The NSA probably paid 10x that to find the exploits, and who knows if they ever got to use them.

I thought it just resolved the domain name?

I thought the "kill switch" just attempted to resolve the domain name which is why just registering the name was enough to activate it. If that's the case, what's the point of the DDoS other than just being a dick overall?

Re:I thought it just resolved the domain name?

[Sarten-X]

No. It actually makes a full HTTP request, and requires a good response. I believe MalwareTech originally even said that the killswitch was fragile, and he tried to make it somewhat resilient, but it's not a cure. It holds off the payload, but is absolutely not an excuse to avoid patching, updating, and disinfecting your systems.

Re:Trump

[ArmoredDragon]

Between antifa's brown shirt tactics (literally, they wear actual brown shirts while parading around with weapons and threatening people) and people like yourself that can't stop obsessing over that idiot, I'm thinking Trump is the least of our problems.

success

[Tom]

$94k is not a bad payout. Sure they hoped for more, and the worm was very successful and could've yielded more. But publicity is the enemy of every good scam, so typically, they actually do not want their scam to make headlines.

Given all that, they still made the equivalent of a yearly salary on this thing, and without the inconvenience of paying taxes or having to show up in the office. Any indy mobile games developer would be happy with getting that return from a game.

Ransomware is here to stay. But maybe with the large number of victims this time, people will actually demand that software vendors start to provide something that is better than utter crap? That we have a very serious issue in software quality and we can't afford to bet our economy, social networks and basically all of civilisation on something that's made cheap and fast (you know the third that wasn't picked).

We need some basics done right in software, and that means re-engineering a big part of it. We need to understand trust levels, MLS or its variants. We need to get away from the user model we have, where users are treated as either complete idiots or all-knowing gods. We need to get our shit sorted out instead of pushing the next shoddy "disrupting product" out the door in search of a quick buck and a profitable IPO.

Maybe if something besides $$$ still had a value in this society...

Re:success

[Computershack]

Given all that, they still made the equivalent of a yearly salary on this thing, and without the inconvenience of paying taxes or having to show up in the office.

Difference is that they're going to have to look over their shoulders and it is likely that they'll never be able to claim that Bitcoin because the intelligence services will be monitoring it. When you fuck with a nation's national health service disrupting the medical treatment of millions of people, some of it for things like cancer treatments, and that nation has GCHQ at its disposal and access to the US intelligence network you need to be seriously fucking careful you do a damned good job of covering your tracks.

Automatic updates are a pain

[Vadim+Makarov]

As the article points out, a big part of the reason is that people disable automatic updates. This should never be done, but I can understand. Automatic updates are rude. They change and break things. Windows updates got kinda nicer last few years (after you disable automatic reboot http://www.makeuseof.com/tag/d... ), but all other software updates are still crap. Every time I run a third-party sofware update (Adobe, Flash, etc.), it breaks and resets things. No I don't want a new UI for Acrobat that makes the icons twice the size (nope, forced). No I don't want the load-at-boot reinstalled (nope. reinstalled. fire msconfig and regedit to get rid of it). No I don't want to reinstall the auto-update (ditto). No I don't want my print settings reset to default (nope, done). And crap like that, every time. This is a price for security that we should not have to pay.

They DDoSed ...

[PPH]

... a HOSTS file?

Before Bitcoin it was Ukash and Paysafe

[duguk]

That's bullshit! Reveton back in 2012 used to demand Ukash or Paysafecard.

Re:Just when you think there can't be a bigger jer

[zerocool512]

The Dragonball Law?