
Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26k So Far - phodo
http://krebsonsecurity.com/2017/05/global-wana-ransomware-outbreak-earned-perpetrators-26000-so-far/
======
gorbachev
$26K and the spot on every most wanted cyber criminal list on the planet.
Congratulations guys, well done!

~~~
AlwaysBCoding
The flaw in their plan is that the intersection of people capable of figuring
out how to pay a ransom payment in Bitcoin, and people still using Windows XP,
is pretty small.

~~~
sp332
They have very detailed instructions in 20 languages. It's much more
user-friendly than most software these days.

~~~
josephorjoe
But their price point was set too high for their market.

Turns out that for a lot of victims wiping their old computer was deemed less
expensive than the cost, nuisance, and risk of paying criminals through some
shady internet fake money thing to possibly avoid having to wipe their
computer.

For anyone with a recent backup of their data, I can't think of why they'd
pay.

~~~
MR4D
I think you are way underestimating the percentage of people who have good
backups of their data.

HN'ers might, but HN would not be a representative sample.

~~~
sp332
A lot of the high-profile systems getting hit are embedded mission-critical
systems. They'd be getting some amount of IT attention. And systems that
aren't that important might not be important enough to ransom - just wipe and
start over.

~~~
MR4D
Agreed - I was thinking more of the individuals.

------
psyc
Sure, Silicon Valley probably won't jump on this bandwagon. But it's ok for a
lifestyle business to have modest goals.

------
sonofgod
$55k, now.
[https://twitter.com/actual_ransom/](https://twitter.com/actual_ransom/)

------
mootothemax
Would they make more money if they demanded $10 instead of $300? While $300
isn't crazy money, it's more than enough to be painful, and definitely feels
like ransom.

I wonder how many people facing a locked computer would sigh, say a few choice
swearwords, and dig out their cards had it been a relatively low amount.

~~~
paulgb
They passed up a good opportunity for price discovery: have the ransomware
pick a random number between, say, 10 and 1000 and learn from that for future
attacks.

~~~
DenisM
They could also make a machine learning model to take into account the part of
the world, the hardware model, and other wealth indicators.

------
jmcdiesel
Is this a point to the downside of bitcoin? I'm not against it at all still,
but this does prove it to be a viable method of payment for shady business
that can't reasonably be tracked... without bitcoin (or other cryptocurrency),
what methods would be in place to collect this money that wouldn't be easily
tracked?

~~~
tobyjsullivan
Western Union? Scammers have had means of collecting payouts since the
beginning of scams.

One interesting counter point here is that the money hasn't disappeared.
Literally every cent that has been paid to one of these Bitcoin addresses can
be traced through all future purchases by anyone on the internet. The money
will, of course, be combined with other amounts as transactions occur but that
doesn't kill the trail. If any of it does end up in a wallet which a
government can tie to a real person, an investigator can start working
backwards. This is no different from marked bills in a more traditional ransom
payment. Not perfect, but proven effective.

~~~
jmcdiesel
Western Union at least requires ID to receive money, and you have to go into a
location to do so (you can't claim it online) ... so you will be on camera...

Checks and money orders have to be cashed...

I'm not ranting against anything, just a curiosity...

------
pasbesoin
If this were me, I'd be running away from it as fast as possible.

It's entered meatspace, with players like the FBI, FSB, China (not sure about
their acronyms), and anyone else who feels they have a stake.

If you aren't state-sponsored and protected (by a competent state, however
corrupt), you aren't going to win against them. Not when you have a physical
body, family, and friends to protect.

(And even if you aren't state-sponsored, do you want to be on high-vigilance
for 10+ years? No trips abroad? And how do you stay useful enough to maintain
that protection? And how, regardless of internal political turmoil?)

P.S. Not to mention, the competent (as opposed to the other) and very resource
rich aspects of their intelligence services. Which can add up to a lot of
haystack sifting.

------
jstanley
What a shame. They've surely done many orders of magnitude more than $26k
worth of damage. They've done a really really bad job at monetising their
impact.

~~~
supernovae
True, the damages they have done far surpass the ransom income, but the
inflation of the currency itself based on global attacks probably helps them
over the long haul. Sort of crazy that bitcoin markets react to ransom hauls
in a positive way and to me - that is the biggest danger to bitcoin and a
large source of potential revenue.

------
alexc05
What would be really interesting to me is the reverse-engineering of the
outbound bitcoin to trace this back to real/named individuals.

Consider that every transaction is public information - so any bitcoin spent
from that wallet has to go somewhere.

A friend threw out a stat for me while we were discussing this the other day
that something like 80% of existing wallets are owned within places _like_
coinbase where they are associated with named individuals. (I don't know if
that is true, but for the purposes of this strategy it's the assumption I'll
stick with)

Anyways - assuming 80% of wallets can be traced by law enforcement to named
individuals. Imagine that you set an alert to watch all outbound transactions
from any of those three wallets.

After each transaction, do a lookup on the owner of the receiving wallet. If
it is a named individual, interview them to find out how they got this money.
Who just sent them a bitcoin?

If the wallet is not owned by a named individual, add it to the watch-list.
Repeat for all outbound transactions from that wallet until you can trace it
back.

I'm interested to know how many steps it would take to arrive at the actual
criminal.
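
The watch-list procedure described in the comment above, sketched as an added example that is not part of the original thread. The addresses, the transaction list and the set of wallets tied to named owners are all constructed sample data; the walk follows sender-to-receiver links only and ignores amounts.

```python
from collections import deque

# Constructed sample data: (sender, receiver) pairs standing in for public
# on-chain transactions. All addresses are made-up labels, not real wallets.
SAMPLE_TXS = [
    ("ransom_1", "hop_a"),
    ("ransom_2", "hop_a"),
    ("ransom_3", "hop_b"),
    ("hop_a", "hop_c"),
    ("hop_a", "exchange_user_1"),
    ("hop_b", "hop_c"),
    ("hop_c", "exchange_user_2"),
    ("hop_c", "hop_a"),  # cycle: funds sent back to an earlier hop
    ("unrelated_1", "exchange_user_3"),
]

# Assumption: addresses an investigator can tie to a named account holder.
SAMPLE_KNOWN = {"exchange_user_1", "exchange_user_2", "exchange_user_3"}


def trace_to_named(txs, seeds, known_owners):
    """Breadth-first walk of outbound transactions from the seed wallets.

    Returns (leads, watched). leads maps each identified wallet reachable
    from the seeds to (hop_count, path). watched is the final watch-list of
    unidentified wallets. Identified wallets are recorded, not expanded:
    that is the point where the comment's "interview" step takes over.
    """
    outbound = {}
    for sender, receiver in txs:
        outbound.setdefault(sender, []).append(receiver)

    watched = set(seeds)  # the growing watch-list
    queue = deque((s, [s]) for s in sorted(seeds))
    leads = {}
    while queue:
        addr, path = queue.popleft()
        for receiver in outbound.get(addr, []):
            if receiver in known_owners:
                # BFS order means the first sighting has the fewest hops.
                leads.setdefault(receiver, (len(path), path + [receiver]))
            elif receiver not in watched:
                watched.add(receiver)  # the set also stops cycles looping
                queue.append((receiver, path + [receiver]))
    return leads, watched
```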

~~~
matt-attack
If bitcoin were truly that ineffective for use by extortionists, why is it so
commonly used? Note: I'm truly asking a question, I know very little about the
subject.

~~~
marcosdumay
Honestly, I've been repeating this question for years. I still haven't come up
with a good answer.

The best that I got is that those criminals rely on living in countries with
weak rule of law, and Bitcoin makes for just enough obfuscation that those
countries won't investigate them, while countries willing to investigate don't
want to disclaim they have the ability.

Besides, anonymity is not the only feature of Bitcoin useful for criminals.
There's also the fact that transactions can not be stopped or undone. Those
may be even more important.

------
Retr0spectrum
Considering nobody has had their files decrypted yet, I'm almost surprised how
high this figure is. You'd think some people would do at least a bit of
research before throwing $300 down the drain.

~~~
sp332
That's not true. The process to send out the decryption key is apparently
manual and slow, and some people haven't received keys
[https://twitter.com/MalwareTechBlog/status/86418145375993856...](https://twitter.com/MalwareTechBlog/status/864181453759938563)
but some have.
[https://twitter.com/mikko/status/864107673146490880](https://twitter.com/mikko/status/864107673146490880)

~~~
Retr0spectrum
Thanks, unfortunately it's too late to edit my comment now.

------
giis
Did they actually decrypt the files after getting money from victims?

It would be interesting if some white-hat security researcher pays the $300
money and gets the solution (reverse engineering). Make it available for
free to everyone :)

~~~
outworlder
Crypto doesn't work like that.

~~~
Cyph0n
It depends on the implementation. Even so, it's always easier for the authors
to patch the malware than it is for researchers to reverse it.

------
suyash
Really good technical analysis of WannaCry for hackers (in a good sense):
[https://www.youtube.com/watch?v=d_j8UUQbJsc](https://www.youtube.com/watch?v=d_j8UUQbJsc)

------
kjsujwai
Article is a couple of days old now. If you do the math right as I'm writing
this it'd be 33.8 bitcoins. At $1721 per coin the total is over $58,000. All
points Krebs mentions are still valid however.

------
api
We really should make it illegal to pay ransom. The only ultimate solution to
this problem is to eliminate the incentive.

~~~
matt-attack
Ah yes, the old: "This action harms no one but yourself, but we wish to
protect you from yourself, so the solution is to turn you into a criminal when
you perform said action. For your own good of course."

~~~
dsp1234
_This action harms no one but yourself_

Paying a ransom is the opposite of this. The action only helps yourself, but
harms everyone else, but providing funds to the ransomer.

~~~
npongratz
> Paying a ransom is the opposite of this. The action only helps yourself, but
> harms everyone else, but providing funds to the ransomer.

Reminds me of my relationship with the people who call themselves the taxing
authorities.

------
mtgx
It's because they asked for $300 when they could've asked for $30,000,
considering they infected a lot of large organizations.

~~~
celticninja
$300 per machine, not per network.

