
Tracking ransomware end-to-end - godelmachine
https://blog.acolyer.org/2018/03/23/tracking-ransomware-end-to-end/
======
erikb
Interesting how the whole money system that bitcoin tried to fight against is
completely recreated in bitcoin. There are centralized banks, just they are
called exchanges. Most people hold their money there. And apparently money
laundering is also making a comeback in the form of bitcoin mixer agencies.

If these mixers really succeed for 5 or so years at what they are doing, I
guess bitcoin might have a chance after all.

------
ourmandave
Last paragraph...

 _This introduces a unique ethical issue. We must consider the impact on
victims before taking down ransomware infrastructure.

...if every victim did not pay or was prevented from paying, the scale of the
problem would likely decrease; however this would mean that some individuals
would incur additional harm by not being able to recover their files._

Well, no. You take it down immediately _so new victims aren't added._

It would be nice if you could provide the decryption key for the current
victims, but explain to the hospital that's shut down by these assholes how you
could have prevented it but were waiting for current victims' bitcoins to clear
the exchange.

Oh, and go full ISIS on the people running the ransomware.

~~~
bryondowd
What if the hospital is the one who was already hit and was about to pay
because they are desperate to get back up and running?

~~~
ourmandave
At what point do you stop the madness?

What if more hospitals fall victim while we're waiting for the one hospital to
pay?

And when do we go Full ISIS (tm) on scum who hold hospitals hostage?

~~~
ndury
The madness won't stop until people learn not to click random attachments, if
you ask me...

The problem isn't ransomware per se, the problem is people not knowing better
than to click anything and everything they see, or am I mistaken?

------
ndury
Nice writeup! I have always been interested in how ransomware works and to
what extent the transactions can be backtraced. It still surprises me that
these attackers seemingly are unaware to what extent bitcoin blockchain
transactions can be traced. It certainly took them long enough to make the
switch to Monero.

~~~
mountsbay
That Locky simply moved 40% of their revenue into BTC-e (Figure 8), without
going through mixers, is likely just bad op-sec.
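
As an added illustration of the kind of backtracing ndury and mountsbay are discussing (this is example code, not code from the paper or from anyone in the thread), here is the standard common-input-ownership ("co-spend") clustering heuristic plus a forward trace to a labelled exchange, run over a constructed toy ledger. All transaction ids, addresses and amounts are made up; the exchange label on `exch_dep_known` and the ransom-note seed addresses are assumptions that an analyst would in practice obtain from outside the chain.

```python
from collections import defaultdict, deque

# Constructed toy ledger (not real transactions or addresses). Each tx spends
# every input address in full and pays the listed (address, BTC) outputs.
TXS = [
    {"id": "tx1", "inputs": ["victim_a"], "outputs": [("ransom_1", 0.5)]},
    {"id": "tx2", "inputs": ["victim_b"], "outputs": [("ransom_2", 0.5)]},
    {"id": "tx3", "inputs": ["victim_c"], "outputs": [("ransom_3", 1.0)]},
    # ransom_1 and ransom_2 are spent together: the co-spend heuristic
    # assumes one wallet controls both, so they land in one cluster.
    {"id": "tx4", "inputs": ["ransom_1", "ransom_2"],
     "outputs": [("exch_dep_1", 0.99)]},
    # ransom_3 is cashed out through one intermediate hop before the exchange.
    {"id": "tx5", "inputs": ["ransom_3"],
     "outputs": [("hop_1", 0.6), ("hop_2", 0.39)]},
    {"id": "tx6", "inputs": ["hop_1"], "outputs": [("exch_dep_2", 0.59)]},
    # The exchange sweeps deposit addresses into a hot wallet; the same
    # heuristic clusters them with an address already known to be its own.
    {"id": "tx7", "inputs": ["exch_dep_1", "exch_dep_2", "exch_dep_known"],
     "outputs": [("exch_hot", 2.0)]},
]

KNOWN_EXCHANGE_ADDRS = {"exch_dep_known"}     # assumed prior labelling
SEED_RANSOM_ADDRS = {"ransom_1", "ransom_3"}  # assumed: taken from ransom notes


class UnionFind:
    """Minimal disjoint-set structure keyed by address string."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_cospend(txs):
    """Common-input-ownership heuristic: all inputs of one tx share an owner.
    Returns a map address -> cluster root. Breaks on CoinJoin/mixer txs, which
    deliberately put inputs from unrelated owners into one transaction."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["inputs"]:
            uf.union(tx["inputs"][0], addr)
        for addr, _ in tx["outputs"]:
            uf.find(addr)  # register outputs so every address has a cluster
    return {addr: uf.find(addr) for addr in uf.parent}


def cluster_members(clusters, addr):
    root = clusters[addr]
    return {a for a, r in clusters.items() if r == root}


def hops_to_exchange(start, txs, clusters, exchange_roots, max_hops=5):
    """BFS forward along spends from `start`; return the hop count at which an
    address in a known exchange cluster is first reached, else None."""
    spends = defaultdict(list)
    for tx in txs:
        for addr in tx["inputs"]:
            spends[addr].append(tx)
    queue, seen = deque([(start, 0)]), {start}
    while queue:
        addr, hops = queue.popleft()
        if hops > 0 and clusters.get(addr) in exchange_roots:
            return hops
        if hops == max_hops:
            continue
        for tx in spends[addr]:
            for out_addr, _ in tx["outputs"]:
                if out_addr not in seen:
                    seen.add(out_addr)
                    queue.append((out_addr, hops + 1))
    return None


def ransom_revenue(txs, ransom_addrs):
    """BTC paid into ransom addresses by txs the ransom cluster did not sign."""
    total = 0.0
    for tx in txs:
        if any(a in ransom_addrs for a in tx["inputs"]):
            continue  # internal move by the operator, not a victim payment
        total += sum(v for a, v in tx["outputs"] if a in ransom_addrs)
    return round(total, 8)


def trace_report(txs=TXS, seeds=SEED_RANSOM_ADDRS,
                 known_exchange=KNOWN_EXCHANGE_ADDRS):
    clusters = cluster_by_cospend(txs)
    ransom_addrs = set()
    for seed in seeds:
        ransom_addrs |= cluster_members(clusters, seed)
    exchange_roots = {clusters[a] for a in known_exchange}
    return {
        "ransom_addresses": sorted(ransom_addrs),
        "revenue_btc": ransom_revenue(txs, ransom_addrs),
        "hops_to_exchange": {a: hops_to_exchange(a, txs, clusters, exchange_roots)
                             for a in sorted(ransom_addrs)},
    }


if __name__ == "__main__":
    print(trace_report())
```

Two things the toy shows that the thread only gestures at: a single seed address expands to every address the operator ever co-spent with it (ransom_2 is found without any ransom note naming it), and an exchange's own sweep transactions are what let an analyst label deposit addresses it has never seen before. Both steps rely on the co-spend assumption, which is exactly what a mixer or CoinJoin breaks, so routing through a mixer before the exchange is the operator's countermeasure and skipping it is the op-sec failure mountsbay describes.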

------
supro
Tracking ransomware payments...

