Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: coinits on May 13, 2017, 04:13:09 PM



Title: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 13, 2017, 04:13:09 PM
For a global attack they have not collected a lot of bitcoin yet. Results as of 16:00 GMT

Address 1: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

live link: https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

31 transactions = 4.65255659 BTC



Address 2: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

live link: https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

27 transactions = 3.10004389 BTC



Wallet 3: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

live link: https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

36 transactions = 6.53259945 BTC



~ 14.28 BTC x $1735.35 per BTC = $24,781 ransom paid thus far.



Add more addresses as you find them.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Qunenin on May 13, 2017, 05:13:35 PM
As compared to a massive worldwide attack, the amount collected so far is not as much as it should be. I also wonder whether, after people paid the ransom, their computers went back to normal or still remain affected by the virus?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 13, 2017, 05:23:54 PM

As compared to a massive worldwide attack, the amount collected so far is not as much as it should be. I also wonder whether, after people paid the ransom, their computers went back to normal or still remain affected by the virus?

I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Iranus on May 13, 2017, 07:27:06 PM
Do people really not back up their files regularly?

I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: NeuroticFish on May 13, 2017, 07:33:45 PM
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: leopard2 on May 13, 2017, 08:57:22 PM
LOL hourly rate of hackers is not so good IMHO, maybe honest contract work would have been better... (they obviously have skills) ;D


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: FruitsBasket on May 13, 2017, 08:59:45 PM
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...
Do you really think that those big companies that are affected by the virus will be paying bitcoins to decrypt their infected files? I think they just get a specialist to remove the ransomware, but I am not sure if that is even possible with this big infection from last week.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Janation on May 13, 2017, 10:42:26 PM
LOL hourly rate of hackers is not so good IMHO, maybe honest contract work would have been better... (they obviously have skills) ;D

Maybe they are tired of being bossed around and not satisfied with what they are earning. So, since they have skills, why not do something that will make them earn more than they usually do? But they are wasting their skills committing such crimes; they can do better than that.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: stripykitteh on May 13, 2017, 10:54:29 PM
That’s a pretty nice payday for not really doing anything all day. I am pretty sure that the hacker might’ve paid for the ransom software so he might be in the negative right now.
What is kind of surprising to me is that these people have Bitcoin already installed or they have already verified their profiles on Bitcoin Exchanges that allowed them to pay the ransom. That was really fast considering how Bitcoin is pretty new to the scene, somebody should fire the tech guy.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: crairezx20 on May 13, 2017, 11:11:43 PM
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...
Do you really think that those big companies that are affected by the virus will be paying bitcoins to decrypt their infected files? I think they just get a specialist to remove the ransomware, but I am not sure if that is even possible with this big infection from last week.
Honestly, ransomware is so easy to remove. There are many programs that can remove it. From experience with this virus on many laptops and computers, when I was repairing them I noticed that they are just hiding the files, and the created copies of your files are in the same folder, which you can only see if you turn off hiding of system files.
Kaspersky is one of the tools that can recover your files from ransomware. This link may help you to recover all of your files from ransomware.
https://noransom.kaspersky.com/
There are many different kinds of ransomware, so you can test them all to clean the affected computer.

The other thing to clean your computer is advanced Hiren's, not a free one I think. The Hiren's that I have used for repairing for many years is, I think, Hiren's restored edition Proteus. This is not recommended for beginners. You can find this tool on piratebay.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BitMaxz on May 13, 2017, 11:12:57 PM
I think a computer that has no antivirus can be affected easily. Most of those viruses come from torrents and some files we download, so always check that you are using a good antivirus to protect your files. I have already experienced my computer being affected; almost all the exe files were affected, but I just updated my OS and the internet security and fixed my issue.

Every time I opened my computer there was a welcome note saying that I needed to pay an amount to recover all the affected files. They said it's not a virus, but they give a password to decrypt the affected computer after payment.
But never pay them, because I know many ways to fix the computer.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: freebutcaged on May 13, 2017, 11:29:47 PM
I think Windows is trying to take ransom from me :) For a few days, when I open my laptop with Windows 10 installed, which I downloaded from the official Microsoft source, I get a watermark note in the bottom right corner that asks me to activate Windows. WTF, is this related to the hacking currently?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 13, 2017, 11:40:31 PM
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...
Do you really think that those big companies that are affected by the virus will be paying bitcoins to decrypt their infected files? I think they just get a specialist to remove the ransomware, but I am not sure if that is even possible with this big infection from last week.

If the files are truly encrypted, removing the ransomware will not get the files back. Unless there is a clean backup you either lose the data or pay the ransom, and there is no guarantee that the key to decrypt will be supplied.



Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 14, 2017, 02:13:52 AM
UPDATE: 02:15 GMT

Address 1: 39 transactions = 6.97303882 BTC
Address 2: 30 transactions = 3.64134512 BTC
Address 3: 35 transactions = 5.00218759 BTC

EDIT: How could an address grow in transactions and shrink in total BTC when no withdrawals have taken place? (see address #3)


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Korporal on May 14, 2017, 02:48:10 AM
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...
Do you really think that those big companies that are affected by the virus will be paying bitcoins to decrypt their infected files? I think they just get a specialist to remove the ransomware, but I am not sure if that is even possible with this big infection from last week.

If the files are truly encrypted, removing the ransomware will not get the files back. Unless there is a clean backup you either lose the data or pay the ransom, and there is no guarantee that the key to decrypt will be supplied.

Not necessarily.
If your files are on a magnetic HD and not on an SSD, you could try to recover encrypted files by using a decent file recovery program. As long as the encryption process doesn't do too many passes on the file location on the platter, you "might" be able to recover the original version.
Haven't tried it but it's worth a shot. What other options do you have?
I've recovered files deleted 8 years ago off a customer's PC a few years ago. BTW, I was using forensic-level recovery programs tho.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: jaberwock on May 14, 2017, 03:05:51 AM
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: shinratensei_ on May 14, 2017, 03:14:43 AM
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...
Do you really think that those big companies that are affected by the virus will be paying bitcoins to decrypt their infected files? I think they just get a specialist to remove the ransomware, but I am not sure if that is even possible with this big infection from last week.
Honestly, ransomware is so easy to remove. There are many programs that can remove it. From experience with this virus on many laptops and computers, when I was repairing them I noticed that they are just hiding the files, and the created copies of your files are in the same folder, which you can only see if you turn off hiding of system files.
Kaspersky is one of the tools that can recover your files from ransomware. This link may help you to recover all of your files from ransomware.
https://noransom.kaspersky.com/
There are many different kinds of ransomware, so you can test them all to clean the affected computer.

The other thing to clean your computer is advanced Hiren's, not a free one I think. The Hiren's that I have used for repairing for many years is, I think, Hiren's restored edition Proteus. This is not recommended for beginners. You can find this tool on piratebay.
Are you sure? At this time I was assuming that WannaCry is a new ransomware and is not registered in the database.
The ransomware must be registered in the database so that the software can identify the kind of ransomware and try to recover the computer. I can't get your point, but it seems impossible right now, because WannaCry was made on 14 April and it's new ransomware.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 14, 2017, 03:30:22 AM
Question: Once you pay the ransom, how does the hacker know it was you who paid?

I missed that part. I mean people are sending their BTC to them. How are they tying the payment to the computer?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: lausam on May 14, 2017, 04:12:31 AM
To get anything will be done in various ways for the sake of individual pleasure .. that's the brightness that does not care about each other ..


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Wendigo on May 14, 2017, 04:30:56 AM
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: freedomno1 on May 14, 2017, 04:54:36 AM
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

Would say they mix the coins a few times before they move the coins to an exchange to convert them into alt-coins or cash then repeat the cycle and so that no one can follow the route.
Either that or sell them to someone in person/generate new wallet keys before mixing them.
That or buy giftcards


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: RoommateAgreement on May 14, 2017, 04:58:50 AM
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

the simplest way is using a real anon cryptocurrency not bitcoin which is not anonymous. the best thing that can be found is Monero (XMR) and they most probably will use that in their route, convert to monero > reach anonymity convert to fiat. and eventually they will switch to asking for that coin in first place.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Herbert2020 on May 14, 2017, 05:05:41 AM
to OP:
you don't need to update the balance each time it receives a transaction, there are so many cool tools for it :)

use this one:
Code:
[img]http://btc-priceimg.herokuapp.com/balance/<address>/<color>[/img]
replace <address> with address and <color> (html-like hex code) is not needed but is an option to change the color of the text.
ref: https://btc-priceimg.herokuapp.com/

example:
http://btc-priceimg.herokuapp.com/balance/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
http://btc-priceimg.herokuapp.com/balance/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw/FF0000


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: MysticOne on May 14, 2017, 05:20:27 AM
UPDATE: 02:15 GMT

Address 1: 39 transactions = 6.97303882 BTC
Address 2: 30 transactions = 3.64134512 BTC
Address 3: 35 transactions = 5.00218759 BTC

EDIT: How could an address grow in transactions and shrink in total BTC when no withdrawals have taken place? (see address #3)

   Are you sure address 3 had 6.5235 btc in it at that time? I am seeing only 5.50119801 in it at this time. 🙃


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: NeuroticFish on May 14, 2017, 06:42:18 AM
Are you sure address 3 had 6.5235 btc in it at that time? I am seeing only 5.50119801 in it at this time. 🙃

Maybe some transactions got double spent / dropped?
Although who the heck would pay ransomware from the start when they know to double spend?!


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: iamTom123 on May 14, 2017, 06:48:02 AM
Do people really not back up their files regularly? I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that. Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.

This and many other lessons of this recent attack should be shared to all people and firms who can be subjected to the same thing later. This is now a new form of terrorism and on the side of the hackers/programmers can be a good source of money via Bitcoin. I am sure this will not be the last and in fact can be inducing more attacks in varying degrees and forms in the coming months and years. We should be careful and maybe NSA should be spending more time, focus and resources on this one.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Qartada on May 14, 2017, 07:32:39 AM
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

the simplest way is using a real anon cryptocurrency not bitcoin which is not anonymous. the best thing that can be found is Monero (XMR) and they most probably will use that in their route, convert to monero > reach anonymity convert to fiat. and eventually they will switch to asking for that coin in first place.
It's quite a bit harder to exchange fiat for Monero.  People would have to go through Bitcoin themselves before they buy Monero and it would be a lot of inconvenience on top of the cost of the ransom which might give them an incentive not to pay it.

The thieves, however, can just take the Bitcoin through mixers into Shapeshift and take Monero out, then start exchanging that back into fiat.  As I recall there are services that accept Monero and then pay Bitcoin addresses with the value of the Monero you sent them, so they could connect to a LocalBitcoins user or something that way.

It shouldn't be hard to exploit Monero's anonymity for it.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: eckmar on May 14, 2017, 08:36:53 AM
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...
Do you really think that those big companies that are affected by the virus will be paying bitcoins to decrypt their infected files? I think they just get a specialist to remove the ransomware, but I am not sure if that is even possible with this big infection from last week.

Big companies have insurance for events like this that will probably pay this for them...


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 14, 2017, 12:26:39 PM
UPDATE: 02:15 GMT

Address 1: 39 transactions = 6.97303882 BTC
Address 2: 30 transactions = 3.64134512 BTC
Address 3: 35 transactions = 5.00218759 BTC

EDIT: How could an address grow in transactions and shrink in total BTC when no withdrawals have taken place? (see address #3)

UPDATE: May 14, 2017 12:25 GMT

Address 1: 47 transactions = 8.4448838 BTC
Address 2: 35 transactions = 4.0009201 BTC
Address 3: 42 transactions = 5.83614653 BTC
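
Added example, not part of any post in this thread: the three snapshots posted above, reconciled in integer satoshis so that a drop in transaction count or total on an address assumed to be receive-only (as with address 3 between the first two snapshots) is flagged automatically. The function names and flag labels are illustrative assumptions; the figures and snapshot labels are copied from the posts.

```python
"""Reconcile hand-recorded snapshots of watched Bitcoin addresses."""
from decimal import Decimal

SAT_PER_BTC = Decimal(100_000_000)

# The three addresses listed in the opening post, in the order given there.
ADDRS = (
    "12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw",
    "115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn",
    "13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94",
)


def to_sat(btc: str) -> int:
    """Convert a BTC decimal string to integer satoshis without float rounding."""
    sat = Decimal(btc) * SAT_PER_BTC
    if sat != sat.to_integral_value():
        raise ValueError(f"more than 8 decimal places: {btc!r}")
    return int(sat)


def snapshot(label, rows):
    """rows: (transaction count, BTC total) per address, in ADDRS order."""
    return label, {a: (tx, to_sat(btc)) for a, (tx, btc) in zip(ADDRS, rows)}


# Figures exactly as posted in the thread; labels are the posters' own.
SNAPSHOTS = [
    snapshot("16:00 GMT",
             [(31, "4.65255659"), (27, "3.10004389"), (36, "6.53259945")]),
    snapshot("02:15 GMT",
             [(39, "6.97303882"), (30, "3.64134512"), (35, "5.00218759")]),
    snapshot("May 14, 2017 12:25 GMT",
             [(47, "8.4448838"), (35, "4.0009201"), (42, "5.83614653")]),
]


def total_sat(balances) -> int:
    """Sum of recorded totals across all watched addresses, in satoshis."""
    return sum(sat for _tx, sat in balances.values())


def diff(prev, curr):
    """Per-address change between two snapshots.

    Assumption: the addresses only receive (no withdrawals), so both the
    transaction count and the total should never decrease. A decrease means
    the record needs checking: a transcription error, or payments that were
    counted while unconfirmed and later dropped.
    """
    rows = []
    for addr, (tx, sat) in curr.items():
        p_tx, p_sat = prev.get(addr, (0, 0))
        d_tx, d_sat = tx - p_tx, sat - p_sat
        if addr not in prev:
            flag = "new"
        elif d_tx < 0 or d_sat < 0:
            flag = "regression"
        elif d_tx == 0 and d_sat != 0:
            flag = "total-changed-without-tx"
        else:
            flag = "ok"
        rows.append({"address": addr, "d_tx": d_tx, "d_sat": d_sat, "flag": flag})
    return rows


def regressions(prev, curr):
    """Addresses whose count or total went down between two snapshots."""
    return [r["address"] for r in diff(prev, curr) if r["flag"] == "regression"]


def report():
    """Human-readable reconciliation of every consecutive snapshot pair."""
    lines = []
    for (p_label, prev), (c_label, curr) in zip(SNAPSHOTS, SNAPSHOTS[1:]):
        total = total_sat(curr) / SAT_PER_BTC
        lines.append(f"{p_label} -> {c_label}: total {total:.8f} BTC")
        for r in diff(prev, curr):
            delta = r["d_sat"] / SAT_PER_BTC
            lines.append(
                f"  {r['address']}: {r['d_tx']:+d} tx, {delta:+.8f} BTC [{r['flag']}]"
            )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```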


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: joshy23 on May 14, 2017, 01:10:05 PM
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

The next logical step may be to try to talk to these mixing services so that they do not let them use their services. But I doubt any agency, especially in the UK and USA, will do this for the sake of capturing the culprit. Or maybe the mixing services will take their own action, so that they can't use any exchange to convert the bitcoin they stole to fiat. It's like releasing the bitcoin wallet to all exchanges so that it will be blacklisted.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: rifiuti on May 14, 2017, 02:38:58 PM
Almost $32k received based on the current btc rate.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: wxa7115 on May 14, 2017, 03:08:03 PM
Do people really not back up their files regularly?

I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.
No, people never back up their files, and a lot of businesses don't do it either. They should do it but they don't. I'm not an expert on computers by any means, but sometimes friends ask me to fix their computers, and that is one of the first questions I ask, and the answer is always no.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BlackPanda on May 14, 2017, 03:10:54 PM
This is one very bad crime. They are washing the data and then forcing it to do a transaction with bitcoin.
This can make bitcoin less trustworthy. Just imagine they use bitcoin for crime.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 14, 2017, 03:39:06 PM
Do you really think that those big companies that are affected by the virus will be paying bitcoins to decrypt their infected files? I think they just get a specialist to remove the ransomware, but I am not sure if that is even possible with this big infection from last week

If the files are encrypted, that will be next to impossible (as others have said already)

Regarding big companies paying the ransom, it doesn't depend as much on the size of the company as on the importance of the files encrypted, though it would be strange for a big company not to regularly back up their important data. As the saying goes, there are two kinds of people, those who create backups and those who don't yet. Apart from that, how many big names have been really affected by this piece of ransomware?

Almost $32k received based on the current btc rate.

That's nothing in terms of impact on Bitcoin price


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: pixie85 on May 14, 2017, 03:54:06 PM
Almost $32k received based on the current btc rate.

That's nothing in terms of impact on Bitcoin price
I'd say that's a fair amount of money for making an encrypting trojan. It paid well for the time they spent making it, especially well since they left an easy to find way to shut it all down. Also I don't think the price decreased purely because of this hack. It didn't target the Bitcoin network, so there was no reason to panic and the price was peaking for days. People were waiting to take their profits.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: User365 on May 14, 2017, 03:58:52 PM
WannaCry 2.0 is out and, guess what there is no killswitch anymore  ;D

If you wanna protect against such threats, check out https://bitcointalk.org/index.php?topic=1903071.msg18888453#msg18888453
It's impossible to get infected with WannaCry if you follow the whole guide


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: streazight on May 14, 2017, 07:11:38 PM
As compared to a massive worldwide attack, the amount collected so far is not as much as it should be. I also wonder if the people, after paying the ransom, had their computers back to normal or whether they still remain affected by the virus?
The virus encrypts the files, and they will then be decrypted once you pay $300 as a ransom.
To help reduce further spreading of the ransomware, possible measures should be taken to avoid opening unknown emails, especially the ones related to invoices.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 14, 2017, 07:27:31 PM
Almost $32k received based on the current btc rate.

That's nothing in terms of impact on Bitcoin price
I'd say that's a fair amount of money for making an encrypting trojan. It paid well for the time they spent making it, especially well since they left an easy to find way to shut it all down. Also I don't think the price decreased purely because of this hack. It didn't target the Bitcoin network, so there was no reason to panic and the price was peaking for days. People were waiting to take their profits.

Well, we don't know that for sure

Maybe they didn't pay anything at all and just stole the code from the Alphabet agency (maybe it was one of their employees or something to that tune). We don't know either if they will be caught, but if they do get caught eventually, no amount of profit will be worth it unless they get off cheaply while extorting literally millions of dollars (like Cryptsy scammers did). Regarding Bitcoin prices, I never tire of repeating that with a higher price we should expect higher volatility, even in relative terms, so price swings of 200 dollars shouldn't surprise anyone any more. My best bet is for 1,200 dollars as a new support level and 2,000 dollars as a new resistance level


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: lite on May 14, 2017, 07:36:36 PM
Do people really not back up their files regularly?
No, they're too lazy to do it! I keep most of my files on an external HDD and some important files on Google Drive (automatic sync) and I don't use Windows. ;)

Why isn't ETH demanded as ransom? Leave bitcoin alone.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: unamis76 on May 14, 2017, 07:39:54 PM
Addresses are a little over 20 BTC. Never thought they'd see this much money, actually...

Question: Once you pay the ransom, how does the hacker know it was you who paid?

I missed that part. I mean people are sending their BTC to them. How are they tying the payment to the computer?

I was questioning myself exactly this. Maybe the ransomware has a place to input txid?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: MingLee on May 14, 2017, 07:41:16 PM
Now how will they spend their hard-earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

Next logical step maybe is to try to talk to these mixing services and to not let them use their services. But I doubt any agency, especially UK and USA, will do this for the sake of capturing the culprit. Or maybe the mixing services will take their own action, so that they can't use any exchange to convert the bitcoin they stole to fiat. It's like releasing the bitcoin wallet to all exchanges so that it will be blacklisted.
If they put it into an exchange and take it out again there's a decent chance that they're never really going to be ID'd as long as they use means to conceal where they are and other information about themselves. Sending it into an exchange, waiting, then sending it into a mixer, then another, and then doing whatever, might be enough to break up their trail, but dedicated individuals might keep diving deeper.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: btcforall777 on May 14, 2017, 07:42:49 PM
Some of the media are blaming them for the drop in BTC price, as they happened simultaneously. Makes sense to me. What do you think?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 14, 2017, 08:16:35 PM
WannaCry 2.0 is out and, guess what, there is no killswitch anymore  ;D

If you wanna protect against such threats, check out https://bitcointalk.org/index.php?topic=1903071.msg18888453#msg18888453
It's impossible to get infected with WannaCry if you follow the whole guide

Was just in to say the same thing. Crooks read the headlines and fixed their kill switch.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 14, 2017, 08:17:48 PM
Some of the media are blaming them for the drop in BTC price, as they happened simultaneously. Makes sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: VarDiff on May 14, 2017, 09:42:40 PM
Realtime balance for all WannaCry wallets here:

https://whitesunset.github.io/wannacrypt_balance/


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 14, 2017, 09:44:39 PM
Realtime balance for all WannaCry wallets here:

https://whitesunset.github.io/wannacrypt_balance/

Good link. Saves me the time copying and pasting.

I am still not buying that there are only 3 addresses though.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Yakamoto on May 14, 2017, 09:55:22 PM
Some of the media are blaming them for the drop in BTC price, as they happened simultaneously. Makes sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.
I've been thinking the same thing since we crossed $1,600. It seems like the market is growing too big for its own good and there's a relatively high chance we're in the middle of a bubble.

I do not believe that the ransomware had that much of an effect on the value of Bitcoin, it likely had a small impact on the value at most.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: btcforall777 on May 14, 2017, 11:22:34 PM
Some of the media are blaming them for the drop in BTC price, as they happened simultaneously. Makes sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.

Maybe the market is just looking for a reason or reasons. Like you said people are afraid to jump.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 14, 2017, 11:35:34 PM
Some of the media are blaming them for the drop in BTC price, as they happened simultaneously. Makes sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.

Maybe the market is just looking for a reason or reasons. Like you said people are afraid to jump.

20.95 BTC hardly seems like enough to manipulate the market. Fear could but I don't see the fearful affecting this market because I doubt that many have more than a cursory knowledge of bitcoin.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Harry Callahan on May 14, 2017, 11:58:48 PM
Some of the media are blaming them for the drop in BTC price, as they happened simultaneously. Makes sense to me. What do you think?
I really do not see any major drop in the price of bitcoin; which charts are you watching? I thought it was going for a correction yesterday, but the price rebounded pretty soon. I am sure the authorities will be monitoring their moves, and if they do something foolish then it is time they go behind bars for a long time. These kinds of cheats and extortionists must be brought to the law.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: piyo-maru on May 15, 2017, 01:10:25 AM
hi!
Maybe this address is also used.
===
1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY
===

from:
https://twitter.com/malwrhunterteam/status/851687635554848768


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: aso118 on May 15, 2017, 01:28:37 AM
Addresses are a little over 20 BTC. Never thought they'd see this much money, actually...

Question: Once you pay the ransom, how does the hacker know it was you who paid?

I missed that part. I mean people are sending their BTC to them. How are they tying the payment to the computer?

I was questioning myself exactly this. Maybe the ransomware has a place to input txid?


Hmm... The ransomware would then need to centrally keep track of which transaction ids have been used.
What if somebody just copies the transaction id once the transaction is broadcast and keys it into the ransomware?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 15, 2017, 01:50:31 AM
hi!
Maybe this address is also used.
===
1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY
===

from:
https://twitter.com/malwrhunterteam/status/851687635554848768

Appears so

https://blockchain.info/address/1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY

12 transactions = 3.25249956 BTC as of 01:50 GMT


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Sadlife on May 15, 2017, 01:50:42 AM
You can actually decrypt the zip file of WannaCry ransomware,
the password is WNcry@2017.

You can thank me for that if you get infected by it. Don't give these hackers bitcoin!


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 15, 2017, 01:56:31 AM
Addresses are a little over 20 BTC. Never thought they'd see this much money, actually...

Question: Once you pay the ransom, how does the hacker know it was you who paid?

I missed that part. I mean people are sending their BTC to them. How are they tying the payment to the computer?

I was questioning myself exactly this. Maybe the ransomware has a place to input txid?


Hmm... The ransomware would then need to centrally keep track of which transaction ids have been used.
What if somebody just copies the transaction id once the transaction is broadcast and keys it into the ransomware?


Looking at the image in the Twitter link above, perhaps once you send the required amount, it is automatically decrypted. They actually let you decrypt some files at no cost to prove it works. Nice of the crooks to give you a free sample.



Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 15, 2017, 01:57:32 AM
You can actually decrypt the zip file of WannaCry ransomware,
the password is WNcry@2017.

You can thank me for that if you get infected by it. Don't give these hackers bitcoin!

How do you know this?

I'm not about to test your suggestion though LOL



Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: doedz on May 15, 2017, 02:02:18 AM
Very worried, there are people who want to succeed by stealing. In my country, this becomes a serious attack. 2 hospitals have been attacked. Hope to be resolved as soon as possible.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: paul gatt on May 15, 2017, 02:03:36 AM
You can actually decrypt the zip file of WannaCry ransomware,
the password is WNcry@2017.

You can thank me for that if you get infected by it. Don't give these hackers bitcoin!

How do you know this?

I'm not about to test your suggestion though LOL



We cannot check his proposal; however, we can see it as a precautionary measure. I think he was one of those who paid the ransom to the hackers.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: freebutcaged on May 15, 2017, 02:59:41 AM
Very worried, there are people who want to succeed by stealing. In my country, this becomes a serious attack. 2 hospitals have been attacked. Hope to be resolved as soon as possible.
Evidence?
Link?
Reference?
Why hospitals?
Stealing what exactly from them?
Are you in the right thread mate?

Does anyone have any fix for me here?
I upgraded from 7 to 10 through official Microsoft, yet I'm getting the activate Windows notification.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Karasugoi on May 15, 2017, 04:02:17 AM
You can actually decrypt the zip file of WannaCry ransomware,
the password is WNcry@2017.

You can thank me for that if you get infected by it. Don't give these hackers bitcoin!

How do you know this?

I'm not about to test your suggestion though LOL




Some people give the hackers coins with a message.   

I like this transaction!

96015c757e440554005965b97349234dcae8d4c0f8cc3410a0743cbcc9bacd6c



Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: W5k on May 15, 2017, 06:44:27 AM
https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet
3 addresses (13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn) in one chart
22.89 BTC thus far


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: worldmobilecoin on May 15, 2017, 06:50:29 AM
Some of the media are blaming them for the drop in BTC price, as they happened simultaneously. Makes sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.

Maybe the market is just looking for a reason or reasons. Like you said people are afraid to jump.

Yeah, you are right. There must be a reason to move the trading market price. Especially when speculation appears, people will be afraid and leave the market.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: PuraPuraBego on May 15, 2017, 06:59:44 AM
That hurts for those who got that shit. Has anyone tried paying a low amount? Would the transaction likely be rejected / refunded?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: zend7 on May 15, 2017, 07:09:10 AM
Now how will they spend their hard-earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

The well-known mixing services like Bitmixer and a few others will not accept mixing money from those addresses, but unfortunately the deep web ones will not give a shit from which addresses the money is coming and will mix their coins, and the hackers in cyber crimes will go unpunished as always. Even the FBI admitted yesterday that they are having a hard time tracking the location or different locations of this attack, as they believe it to be many people from many countries. The good thing is very few bitcoins are collected from an attack of this caliber.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: bitcoinvestor on May 15, 2017, 07:10:19 AM
This is one very bad crime. They are washing the data and then forcing it to do a transaction with bitcoin.
This can make bitcoin less trustworthy. Just imagine they use bitcoin for crime.
It is a blow to the bitcoin or crypto community. Bitcoin or crypto will earn negative views from many people. They will tend to have the mindset that cyber crimes are related to bitcoin or cryptocurrencies. That's bad news.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: ecnalubma on May 15, 2017, 07:28:59 AM
In the beginning internet is not a safe place for everyone. Click, download, register etc. at your own risk. ;D


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: bitbunnny on May 15, 2017, 07:36:50 AM
This is one very bad crime. They are washing the data and then forcing it to do a transaction with bitcoin.
This can make bitcoin less trustworthy. Just imagine they use bitcoin for crime.
It is a blow to the bitcoin or crypto community. Bitcoin or crypto will earn negative views from many people. They will tend to have the mindset that cyber crimes are related to bitcoin or cryptocurrencies. That's bad news.

Exactly. Even without attacks like this, many people still see Bitcoin as a criminal currency used for criminal activities, and things like this only make the situation worse. That is why it is necessary to inform people about the good sides of Bitcoin and how it could be used for good purposes.
And in regard to WannaCry, the story isn't over yet.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: tosmartak on May 15, 2017, 08:17:26 AM
That’s a pretty nice payday for not really doing anything all day. I am pretty sure that the hacker might’ve paid for the ransom software so he might be in the negative right now.
What is kind of surprising to me is that these people have Bitcoin already installed or they have already verified their profiles on Bitcoin Exchanges that allowed them to pay the ransom. That was really fast considering how Bitcoin is pretty new to the scene, somebody should fire the tech guy.

Even if you don't know about it before, there are some occasions that will warrant you to be a fast learner by all means and moreover, it doesn't take up to 30 minutes to get a verified bitcoin wallet. With someone firing the tech guy,  ;D it is possible the organisation didn't consider anything regarding cybersecurity which is a huge department on its own but at least the tech guy should have been backing up one way or the other, so I agree with you, he should be fired.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Pursuer on May 15, 2017, 08:32:03 AM
are we sure all of these are legit payments from victims of this malware?
I mean the hackers could have simply sent some bitcoin to those addresses just to hype things up and show others that other virtual victims are paying the ransom so you (the real victim) should pay it too!

you know like what some businesses do, put some money in to show your business is active and have customers ;)


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BitcoinHunt3r on May 15, 2017, 08:49:19 AM
I wonder where they will sell their coins; some big exchangers must verify ID, right? Even in my country some fiat exchangers ask users to verify their ID and take a selfie to make sure it is a real person.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: HAARP on May 15, 2017, 08:50:51 AM
What is the garbage they've done? What do they exactly do, I mean...


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 15, 2017, 09:00:48 AM
Now how will they spend their hard-earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

The well-known mixing services like Bitmixer and a few others will not accept mixing money from those addresses, but unfortunately the deep web ones will not give a shit from which addresses the money is coming and will mix their coins, and the hackers in cyber crimes will go unpunished as always. Even the FBI admitted yesterday that they are having a hard time tracking the location or different locations of this attack, as they believe it to be many people from many countries. The good thing is very few bitcoins are collected from an attack of this caliber.

That would do a bad service for these mixers

After all, they are there specifically to cover your steps. Indeed, it could be claimed that some mixing is legitimate while other is not but who is there to judge? If we are to distinguish between "bad" and "good" bitcoins, why not then revert the blockchain after every victim pays the ransom and successfully decrypts their files? Or just block these bitcoins in their wallets for good by demanding from miners not to confirm the transactions outgoing from the offending wallets? These are tough questions


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: unamis76 on May 15, 2017, 11:11:27 AM
Hmm... The ransomware would then need to centrally keep track of which transaction ids have been used.
What if somebody just copies the transaction id once the transaction is broadcast and keys it into the ransomware?

That's what I was suggesting.

hi!
Maybe this address is also used.
===
1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY
===

from:
https://twitter.com/malwrhunterteam/status/851687635554848768

Appears so

https://blockchain.info/address/1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY

12 transactions = 3.25249956 BTC as of 01:50 GMT

That's quite an old tweet, unrelated to this.

Looking at the image in the Twitter link above, perhaps once you send the required amount, it is automatically decrypted. They actually let you decrypt some files at no cost to prove it works. Nice of the crooks to give you a free sample.

They re-use addresses. How would they know who sent what for which computer?

Evidence?
Link?
Reference?
Why hospitals?
Stealing what exactly from them?
Are you in the right thread mate?

http://www.bbc.com/news/uk-39916778



Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: DoublerHunter on May 15, 2017, 12:54:32 PM
The ransomware seems to be dominating its victims, and they are already getting a lot of bitcoins from ransoming encrypted files. If this kind of problem continues then we should be in a panic, because the risk for the other bitcoin users is that the price of bitcoin can go down and we could lose a lot of money if it ever happens.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 15, 2017, 01:12:22 PM
The ransomware seems to be dominating its victims, and they are already getting a lot of bitcoins from ransoming encrypted files. If this kind of problem continues then we should be in a panic, because the risk for the other bitcoin users is that the price of bitcoin can go down and we could lose a lot of money if it ever happens.

In fact, I hope that people do get infected with your panicky attitude and sentiment (since that's what your post is obviously filled up with) and actually start selling their precious coins in an overwhelming, blind panic, so that me as well as other folks could buy back what we sold at recent highs. Other than that, in a wartime people like you are shot on sight

And survivors are shot again


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: stompix on May 15, 2017, 01:21:53 PM
I wonder where they will sell their coins; some big exchangers must verify ID, right? Even in my country some fiat exchangers ask users to verify their ID and take a selfie to make sure it is a real person.

They will mix their coins 2-3 times, exchange to LTC or another coin on an exchange that doesn't require ID for crypto withdrawals, change them back into BTC on another, and then go coin by coin on localbitcoins to fiat.

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: alyssa85 on May 15, 2017, 01:26:02 PM
I wonder where they will sell their coins; some big exchangers must verify ID, right? Even in my country some fiat exchangers ask users to verify their ID and take a selfie to make sure it is a real person.

If they're smart they'll just sit on them for a decade or so, until most of the mixing services don't have their address on a blacklist. At that point, they'll sell.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Sniper44 on May 15, 2017, 01:31:36 PM
I wonder where they will sell their coins; some big exchangers must verify ID, right? Even in my country some fiat exchangers ask users to verify their ID and take a selfie to make sure it is a real person.

They will mix their coins 2-3 times, exchange to LTC or another coin on an exchange that doesn't require ID for crypto withdrawals, change them back into BTC on another, and then go coin by coin on localbitcoins to fiat.

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

All the exchanges that I have seen so far (even exchanges like btc-e that are too flexible and anonymous themselves) have a line in their terms of service that says if any law enforcement asks them, they will give your information to them (full cooperation), and in case of such a big scam like this, I am sure a lot of agencies are watching where the coins are going to go and will find them if they use an exchange.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: iqlimasyadiqa on May 15, 2017, 01:37:14 PM
The ransomware seems to be dominating its victims, and they are already getting a lot of bitcoins from ransoming encrypted files. If this kind of problem continues then we should be in a panic, because the risk for the other bitcoin users is that the price of bitcoin can go down and we could lose a lot of money if it ever happens.
This is really a worrying thing. Already a lot of users are affected by this virus. I think even if each of the victims paid, this will get the perpetrators of this crime excited. They think that their work has been successful.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: sportis on May 15, 2017, 02:43:21 PM
Do people really not back up their files regularly?

No they don't. Especially in public services where users call IT for everything because they don't know or they don't like to do anything related to computers, even though that is a very stupid thing. So for most of the day IT does less important tasks than it has to do. As an example, 'local printer has a stuck piece of paper' and so on.

Quote
I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

No, most people are too lazy to do a regular backup, say, after a month or more. I believe the hackers didn't target whose computer would be infected by the virus.

Quote
Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.

I believe that $300 as a ransom is not a big amount of money for many services or institutions, especially if these are located in Europe or USA or some rich countries in Asia. I don't know about the rest of the countries in the world.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: stompix on May 15, 2017, 02:48:55 PM
I wonder where they will sell their coins; some big exchangers must verify ID, right? Even in my country some fiat exchangers ask users to verify their ID and take a selfie to make sure it is a real person.

They will mix their coins 2-3 times, exchange to LTC or another coin on an exchange that doesn't require ID for crypto withdrawals, change them back into BTC on another, and then go coin by coin on localbitcoins to fiat.

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

All the exchanges that I have seen so far (even exchanges like btc-e that are too flexible and anonymous themselves) have a line in their terms of service that says if any law enforcement asks them, they will give your information to them (full cooperation), and in case of such a big scam like this, I am sure a lot of agencies are watching where the coins are going to go and will find them if they use an exchange.

Yeah and what info will they give? The addresses of those altcoins?
Then they will have to check again where those altcoins went? By the time they finally get a bit closer to their target they will stumble on a shady exchange that is already gone ;))).

Trust me, those guys will not get caught because of the bitcoin trail they leave behind.
And that is a good thing.
Otherwise the so called anonymity of btc would be considered a joke.






Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: youdamushi on May 15, 2017, 02:50:56 PM
That's funny, they made a global attack in my company.

To be fair you've got to be a bit stupid to actually fall for it...
Added to that the fact that big companies all have data saves of important files.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 15, 2017, 03:05:41 PM
Do people really not back up their files regularly?

No they don't. Especially in public services where users call IT for everything because they don't know or they don't like to do anything related to computers, even though that is a very stupid thing. So for most of the day IT does less important tasks than it has to do. As an example, 'local printer has a stuck piece of paper' and so on

That depends on the public service

The one that I once was hired by as a "contractor" of sorts had strict policies in this regard. They had some enterprise level document management system in place (something like Lotus Domino at the time) and also had a guy specifically appointed to manage that system. I guess it was one of his duties to back up all documents that entered the system. Indeed, small hospitals and minor public services are as irresponsible in this regard as it could ever get


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: btcforall777 on May 15, 2017, 06:14:50 PM
Some of the media are blaming them for the drop in BTC price, as they happened simultaneously. Makes sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.

Maybe the market is just looking for a reason or reasons. Like you said people are afraid to jump.

20.95 BTC hardly seems like enough to manipulate the market. Fear could but I don't see the fearful affecting this market because I doubt that many have more than a cursory knowledge of bitcoin.

The ones without knowledge would be the ones that would dump over something as relevant as this. Maybe.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: wxa7115 on May 15, 2017, 08:46:43 PM
Some of the media are blaming them for the drop in BTC price, as they happened simultaneously. Makes sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.
But since bubbles are created with the optimism of the people, this hack without a doubt has an impact since once again people see this as  a way for criminals to use bitcoin without anything being done, so I think this was a factor that stopped confidence and created the environment in which the price of bitcoin could go down once again.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 15, 2017, 10:29:51 PM
In the beginning internet is not a safe place for everyone. Click, download, register etc. at your own risk. ;D

It has been revealed that this did not spread by clicking on any links.

See this link https://www.wsj.com/articles/cybersecurity-experts-first-task-find-out-how-virus-spread-1494868250

From the article:

Quote
Investigators have already ruled out phishing—tricking someone into opening a seemingly legitimate email attachment that actually contains the virus—as a possible tactic. One of their hypotheses centers on something called port 445, an outlet that isn’t supposed to be connected to the internet.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 15, 2017, 10:33:22 PM
Do people really not back up their files regularly?

No they don't. Especially in public services where users call the IT for everything because they don't know or they don't like to do anything related to computers even though it is a very stupid thing. So for the most part of the day IT does less important tasks than it has to do. As an example 'local printer has a stuck piece of paper' and so on.
 
Quote
I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

No, most people are too lazy to do a regular backup, say after a month or more. I believe the hackers didn't target whose computer would get infected by the virus.

Quote
Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.

I believe that $300 as a ransom is not a big amount of money for many services or institutions, especially if these are located in Europe or USA or some rich countries in Asia. I don't know about the rest of the countries in the world.



It's $300 per computer, not per company.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 16, 2017, 05:44:43 AM
In the beginning internet is not a safe place for everyone. Click, download, register etc. at your own risk. ;D

It has been revealed that this did not spread by clicking on any links.

See this link https://www.wsj.com/articles/cybersecurity-experts-first-task-find-out-how-virus-spread-1494868250

From the article:

Quote
Investigators have already ruled out phishing—tricking someone into opening a seemingly legitimate email attachment that actually contains the virus—as a possible tactic. One of their hypotheses centers on something called port 445, an outlet that isn’t supposed to be connected to the internet.

Port 445 is open by default in Windows. At least, on versions prior to Windows 7 (Windows XP is the last version that I am more or less familiar with). This port is required for Windows local networking (for file and printer sharing), so if it is open and computer is connected to Internet, it will be exposed as well. Personally, I think that here we have a case with a backdoor intentionally left by Microsoft and information of which (how to use it) got stolen from an Alphabet agency

Chickens always come home to roost


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BitcoinHunt3r on May 16, 2017, 11:01:55 AM
wonder where they will sell their coins, some big exchanger must verify id right? even in my country some fiat exchanger ask user to verify their ID and must selfie to make sure it is real person

They will mix their coins 2-3 times, exchange to ltc or other coin on an exchange that doesn't require id for crypto withdrawals, change them back into btc on another and then coin by coin on localbitcoins to fiat.

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

all the exchanges that i have seen so far (even exchanges like btc-e that are too flexible and anonymous themselves) have a line in their terms of services that says if any law enforcement asks them, they will give your information to them (full cooperation) and in case of such a big scam like this, i am sure a lot of agencies are watching where the coins are going to go and will find them if use an exchange.

Yeah and what info will they give? The addresses of those altcoins?
Then they will have to check again where those altcoins went? By the time they finally get a bit closer to their target they will stumble on a shady exchange that is already gone ;))).

Trust me, those guys will not get caught because of the bitcoin trail they leave behind.
And that is a good thing.
Otherwise the so called anonymity of btc would be considered a joke.





maybe only email address and some IPs that they use to log in because i have 1 experience ask exchanger legally when got problem with my acc they only give log in IP and not much information


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: youdamushi on May 16, 2017, 11:47:51 AM
It's $300 per computer, not per company.

Yeah and as it's supposed to spread in the whole company it can go reaaaaaaaally fast ;D


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BillyBobZorton on May 16, 2017, 12:48:48 PM
How do you even know those addresses? Also, aren't like 200,000 computers infected already? in my evil mind, if I was a smart hacker, I would use a different address per computer. I'm not sure how this works, but if this is the case, then there's 200,000 addresses you would need to keep track of which is nuts.

It's in any case surprising that companies are storing important info in windows machines... what a bunch of idiots.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 16, 2017, 01:00:54 PM
How do you even know those addresses? Also, aren't like 200,000 computers infected already? in my evil mind, if I was a smart hacker, I would use a different address per computer. I'm not sure how this works, but if this is the case, then there's 200,000 addresses you would need to keep track of which is nuts.

It's in any case surprising that companies are storing important info in windows machines... what a bunch of idiots

Let's hope that at least some of them will learn the lesson

And finally switch to using a decent operating system with no backdoors and open by default ports. Regarding 200k addresses, the virus is obviously calculating some checksum which the victim should then send to the hacker (otherwise it would be impossible to generate the key to decrypt the files), so the process can be easily automated via a database and a simple script linking together a Bitcoin address and a checksum provided


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: NeuroticFish on May 16, 2017, 01:46:52 PM
How do you even know those addresses? Also, aren't like 200,000 computers infected already? in my evil mind, if I was a smart hacker, I would use a different address per computer.

I would do the same. But for some reasons the hackers seem to use only a handful of Bitcoin addresses.
Maybe they don't even care who pays and who doesn't (did you hear of successful data recovery after this ransomware, after paying the price?). Or maybe they don't know enough about Bitcoin?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: arimamib on May 16, 2017, 01:49:51 PM
For a global attack they have not collected a lot of bitcoin yet. Results as of 16:00 GMT

Address 1: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

live link: https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

31 transactions = 4.65255659 BTC



Address 2: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

live link: https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

27 transactions = 3.10004389 BTC



Wallet 3: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

live link: https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

36 transactions = 6.53259945 BTC



~ 14.28 BTC x $1735.35 per BTC = $24,781 ransom paid thus far.



Add more addresses as you find them.
The presence of this will have many positive and negative impacts on bitcoin. We can only hope for the best lol


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: cellard on May 16, 2017, 02:34:40 PM
How do you even know those addresses? Also, aren't like 200,000 computers infected already? in my evil mind, if I was a smart hacker, I would use a different address per computer.

I would do the same. But for some reasons the hackers seem to use only a handful of Bitcoin addresses.
Maybe they don't even care who pays and who doesn't (did you hear of successful data recovery after this ransomware, after paying the price?). Or maybe they don't know enough about Bitcoin?


My take is that they don't care if the hacked bitcoins get easily detected by curious people (basically the entire bitcoin community is monitoring how this evolves so I'm sure they knew they would get traced carefully by community members).

Even if they used thousands of addresses, that would be just more of a headache when trying to mix them.

All these criminals have to do once they got all the money they wanted, is to send it all at some mixing site over tor and that's it, you lose track of it all, and that's where unfortunately all the people that got infected will never see their money back.

But let this be a useful lesson for people to take their jobs more seriously.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: gordoh on May 16, 2017, 03:31:39 PM
What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: cellard on May 16, 2017, 03:34:56 PM
What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!

It makes no sense. The amount of bad publicity Microsoft is getting outplays any benefits of a supposed conspiracy inside job to download the latest update. I mean what's the point? And as far as I know WannaCry 2.0 is already out there infecting computers so Microsoft is getting exposed as unsafe software.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: vapourminer on May 16, 2017, 06:41:48 PM


Port 445 is open by default in Windows. At least, on versions prior to Windows 7 (Windows XP is the last version that I am more or less familiar with). This port is required for Windows local networking (for file and printer sharing), so if it is open and computer is connected to Internet, it will be exposed as well. Personally, I think that here we have a case with a backdoor intentionally left by Microsoft and information of which (how to use it) got stolen from an Alphabet agency

port 445 may be open in internal networks. it is not open to the internet, at least with a properly set up router/firewall.

go to grc.com and let it scan your ports. 445 is stealthed on mine. thats with 6 computers behind a router, and windows firewall on plus whatever firewalls freenas, ubuntu and the rpi use. and i have file/printer sharing on.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: GetClams.com on May 16, 2017, 06:49:08 PM
That's funny, they made a global attack in my company.

To be fair you've got to be a bit stupid to actually fall for it...
Added to that the fact that big companies all have data save of important files.

Exactly, you are telling me banks and hospitals do not have backups? Then somebody should lose their job.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Qartada on May 16, 2017, 07:23:09 PM
Do people really not back up their files regularly?

No they don't. Especially in public services where users call the IT for everything because they don't know or they don't like to do anything related to computers even though it is a very stupid thing. So for the most part of the day IT does less important tasks than it has to do. As an example 'local printer has a stuck piece of paper' and so on.
 
Quote
I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

No, most people are too lazy to do a regular backup, say after a month or more. I believe the hackers didn't target whose computer would get infected by the virus.

Quote
Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.

I believe that $300 as a ransom is not a big amount of money for many services or institutions, especially if these are located in Europe or USA or some rich countries in Asia. I don't know about the rest of the countries in the world.



It's $300 per computer, not per company.
Exactly.  The hackers need to choose the ideal amount of money to steal if they want to keep their operations profitable. 

Clearly the prices they're charging have been considered to be worth just slightly less than the amount of effort it would take to buy a new computer and create new information.  In the cases of whole institutions, it should be worth it as they'll have a lot of sensitive information (like data about patient health in hospitals).

This should get everyone working in IT who had their company's computers infected fired.  It was very easy to avoid by just updating for critical patches.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Lorilikes on May 16, 2017, 07:30:48 PM
   
What's really making me wonder is if this is a distraction effort. "Look at the bad Bitcoin scandal, don't look at your own government or your trusted Brands like Microsoft. Just look at the attackers"
I am sure everyone knows that the WannaCry ransomware is rumored to use an exploit called Eternal Blue, allegedly created by the U.S. National Security Agency to attack Microsoft Windows operating systems. Although a patch had been issued back in March to secure the weakness that allowed the attack to get in, postponed updates or ignored update installation alerts left massive numbers of computers vulnerable and WannaCry malware slithered right in as if an invited guest.

Hmmm...

 


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 16, 2017, 08:05:38 PM


Port 445 is open by default in Windows. At least, on versions prior to Windows 7 (Windows XP is the last version that I am more or less familiar with). This port is required for Windows local networking (for file and printer sharing), so if it is open and computer is connected to Internet, it will be exposed as well. Personally, I think that here we have a case with a backdoor intentionally left by Microsoft and information of which (how to use it) got stolen from an Alphabet agency

port 445 may be open in internal networks. it is not open to the internet, at least with a properly set up router/firewall

If a port is accessible from outside (via internal network or otherwise) it is considered as open

Some Internet service providers specifically block access from Internet to a range of ports (port 445 belongs to this group as well) which are known to attract hackers like shit attracts flies (due to a history of vulnerabilities), but this doesn't change a thing in this regard. In other words, a port can be closed (rather, not opened) only from inside, and while it is not closed (or filtered), it is considered as open (it is access to it which may be blocked). If your computer is behind a router, you may not even know what is behind it and whether there is anything at all

I am sure everyone knows that the WannaCry ransomware is rumored to use an exploit called Eternal Blue, allegedly created by the U.S. National Security Agency to attack Microsoft Windows operating systems

Eternal Blue seems to refer to the dreaded blue screen of death (BSOD), I suspect
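
The open / closed / filtered distinction argued over in the posts above, as an added example that is not part of any forum post: a Python check for a machine you administer, run once on the machine itself and once from outside the router. The function names and verdict strings are made up for this illustration.

```python
import socket
import sys


def tcp_port_state(host, port, timeout=2.0):
    """Classify a TCP port as seen from wherever this script runs."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"       # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"     # the host answered with a reset: nothing listens
    except OSError:
        return "filtered"   # timeout or ICMP unreachable: dropped on the way
    finally:
        sock.close()


def exposure(local_state, external_state):
    """Combine the view from the host itself with the view from outside.

    local_state:    result of tcp_port_state() run on the machine or its LAN
    external_state: result of the same check run from outside the router
                    (or read off an external port scanner's report)
    Verdict strings are hypothetical labels for this example.
    """
    if local_state != "open":
        return "not-listening"   # service is off on the host itself
    if external_state == "open":
        return "exposed"         # listening AND reachable from outside
    return "internal-only"       # listening, but a router/firewall/ISP blocks it


def demo_local_states():
    """Constructed demo: a throwaway listener on loopback, then the same
    port after the listener is gone. Runs offline."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = tcp_port_state("127.0.0.1", port)
    listener.close()
    after_close = tcp_port_state("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    # Default target is this machine; pass the address of a host you administer.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    local = tcp_port_state(host, 445)
    print(f"port 445 on {host} from here: {local}")
    for outside in ("open", "closed", "filtered"):
        print(f"  if the outside view is {outside!r}: {exposure(local, outside)}")
```

An "internal-only" verdict matches both posts at once: the port is still open on the host, and the router or ISP filter is the only thing keeping it off the Internet.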


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: freedomno1 on May 16, 2017, 10:47:04 PM
Eternal Blue seems to refer to the dreaded blue screen of death (BSOD), I suspect

I would presume, then NSA tools tend to be named to reference analogies like the Weeping Angel from Dr. Who etc.
Eternal Blue is easily connected to BSOD.
https://techcrunch.com/2017/03/09/names-and-definitions-of-leaked-cia-hacking-tools/

That and teaching kids from the year 2000 how to spell Bananas BA NA NA S (Song Reference).
https://www.youtube.com/watch?v=UqcONoahlmQ

"Epic Banana," "Banana Glee," "Banana Ballot," "Banana Liar," "Banana Daiquiri"
(Just missing a Banana Republic)
http://www.businessinsider.de/nsa-hacking-tools-exploits-2016-8



Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: gordoh on May 17, 2017, 05:21:11 AM
What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!

It makes no sense. The amount of bad publicity Microsoft is getting outplays any benefits of a supposed conspiracy inside job to download the latest update. I mean what's the point? And as far as I know WannaCry 2.0 is already out there infecting computers so Microsoft is getting exposed as unsafe software.

Yea good point. So I guess we are going with North Korea then? I just think it's too easy and convenient to blame a nation that already has a bad rep in the media. Even more reason for Trump to do something stupid I guess. Let me not get into American politics though.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Amph on May 17, 2017, 05:38:20 AM
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.

Would say they mix the coins a few times before they move the coins to an exchange to convert them into alt-coins or cash then repeat the cycle and so that no one can follow the route.
Either that or sell them to someone in person/generate new wallet keys before mixing them.
That or buy giftcards

they don't need to do that, they have two options

sending them to an unknown or small exchange without mixing, the exchange will not even care about those addresses i can bet my ass on that

selling those coins privately in real life, likely the buyers will not be aware about the blacklisting of these addresses


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Russlenat on May 17, 2017, 05:58:54 AM
wow, until now they are still earning ransom bitcoin. if these bitcoin addresses are blocked, where can this bitcoin go? who would benefit from this?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: ecnalubma on May 17, 2017, 06:17:35 AM
Blockchain must make a move, they have all the controls and resources. This is a hate action; the bitcoin community might suffer from this in the future i guess.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BurtW on May 17, 2017, 06:24:09 AM
Blockchain must make a move, they have all the controls and resources. This is a hate action; the bitcoin community might suffer from this in the future i guess.
WTF are you talking about?  You are an idiot sig spammer.  Idiot.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: magneto on May 17, 2017, 06:32:33 AM
Honestly this has been probably hyped a lot more in the media and I'm really surprised to see that only a few bitcoins have been collected. I would estimate at least 30 BTC to be honest with you, because 10 BTC just seems like such a low amount and probably isn't the correct figure.

The fiasco will probably end soon though since the developer of this malware seems to be an amateur and a kill switch has been found already.

The main thing is that the whole thing makes it seem like bitcoin is behind it all. People refer to it as the "bitcoin ransomware", bringing a bad image to bitcoin.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: slaman29 on May 17, 2017, 06:35:20 AM
Doesn't seem like a very good return for what seemed to be a global attack. Of course, it's possible that not much resources were used in the attack but in terms of time, it doesn't seem like a very profitable scam. Then again, maybe there were other addresses we don't know about.

And yes, as usual, media makes the hype out of Bitcoin. Nobody would give a look if the hackers asked for pesos.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BurtW on May 17, 2017, 06:36:29 AM
Now over 40 BTC (over $73,000) collected by the authors:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet



Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: steampunkz on May 17, 2017, 07:17:05 AM
What if this whole thing is a conspiracy by Microsoft to scare people into downloading the latest update... Think about it!

Yeah, I've been thinking about that for a while, sounds legit to me. Because of the situation right now many people have been pirating Windows O.S. Nowadays people don't buy licence keys because of the many Windows loaders that make your O.S. instantly become a genuine copy, and also because of cloning P.C.s, diskless systems etc. Just to avoid this malware, use genuine Windows and update your Windows security, also put in an antivirus, and back up.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: ekoice on May 17, 2017, 08:04:42 AM
Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?


Putting the coins through a mixing service most likely.
Yes, they may use Bitmixer or Cryptomixer for mixing their coins so that they can move safely unidentified.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: lolxxxx on May 17, 2017, 08:10:48 AM
So,
How can we protect ourselves?
I heard that they are asking payments in Bitcoin, I haven't read that much about this attack.
I have updated my antivirus and copied all the data from my computer to my portable hard drive. Nothing is in my computer.
Also, is this attack only restricted to computers? Or are mobile phones also affected?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Xester on May 17, 2017, 08:21:55 AM
If it was $20 instead, I would probably pay it anyway, but there's really no point.

Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!


I assume the following:
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...

You are right, they are not targeting ordinary citizens but rather companies, especially large ones, even those who have a good firewall to protect their data. These kinds of attacks have already been a threat to the world and many big companies are starting to worry about those kinds of attacks. Hope the governments around the world will use Interpol to make those kinds of issues a priority.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: vapourminer on May 17, 2017, 11:20:31 AM
So,
How can we protect ourselves?
I heard that they are asking payments in Bitcoin, I haven't read that much about this attack.
I have updated my antivirus and copied all the data from my computer to my portable hard drive. Nothing is in my computer.
Also, is this attack only restricted to computers? Or are mobile phones also affected?

only windows computers, no macs or *nix systems yet. XP, Vista, win8.x, win7 are vulnerable. not win10 as far as i know.

best defense: UPDATE your OS and software. backup to OFFLINE disks. use decent antivirus. and dont click unknown attachments in mail.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: apoorvlathey on May 17, 2017, 02:08:31 PM
Almost everywhere I have read, there are only 3 bitcoin addresses that are used while asking for ransom. It is not possible to say which person sent the ransom to the address, so even if users pay the ransom, their systems are still not going to get decrypted.
Edit: It requires manual activation by hacker for decryption.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Agrello on May 17, 2017, 02:15:16 PM
Recent article on the topic:
https://cryptoinsider.com/wannacry-ransomware-attack-warns-cyberspace-risks/

If they didn't decrypt the device, then there would be no incentive to pay them and no one would after the news got out. Even the FBI has recommended to those asking to pay the ransom. It is around $300 - $600 as far as i read on the topic, which is not a lot considering what people store on the PCs.

This would be a great time to advertise Linux and mention perhaps its time to move on. One of the biggest ones that got hit was NHS, but back last year they were even warned that their system OS were outdated and that it did not comply with regulations.

“However, a Freedom of Information (FOI) request submitted by Motherboard to over 70 NHS Hospital Trusts revealed that thousands of NHS computers across the UK are running the outdated OS, potentially leaving confidential patient data vulnerable to attack. By running Windows XP, NHS Hospitals risk breaching data protection regulations, which are set to become even more stringent through the new General Data Protection Regulation (GDPR) coming into force in 2018.”


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: DeathAngel on May 17, 2017, 02:29:39 PM
I thought they'd have gained a lot more bitcoins by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Agrello on May 17, 2017, 04:11:58 PM
I thought they'd have gained a lot more bitcoins by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: GetClams.com on May 17, 2017, 04:39:52 PM
I thought they'd have gained a lot more bitcoins by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

This event raises awareness of the ransom malware which will help prevent its success in the future. Also if these guys don't make much money and it appears they are not, this could be the turning point where hackers begin to lose interest in the concept.

Either way, with the increased awareness of bitcoin the long term effect is overwhelmingly positive.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 17, 2017, 04:57:46 PM
I thought they'd have gained a lot more bitcoins by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it

NHS just like any other local health system is not like a company or corporation

It is basically composed of (mostly) independent hospitals, dentistries, pharmacies, asylums (yeah), and similar entities. Obviously, they don't keep their patients data in a centralized way since that would likely be prohibitively expensive. The best analogy to such a system, as to me, would be a banking system which is made up of a Central bank and many private banks which are mostly on their own, i.e. they are free to decide how they organize their data storage and such things



Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: kaijser on May 17, 2017, 06:41:10 PM
So how are these guys planning on cashing out? I remember some Silkroad dealers had a fortune worth of Bitcoins but were never able to cash out because everything was being monitored. From what I read (https://bitcoinmagazine.com/articles/four-quick-questions-and-answers-about-ransomware-and-bitcoin/) only 40 BTC have been transferred to the addresses associated with the attack.

Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Catmony on May 17, 2017, 06:48:42 PM
Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?
Possible ways for them to cash out:

1. Send those bitcoin to different other addresses in small batch using bitcoin mixing/tumbling services.
2. Re-mixing those mixed bitcoin and sending them to single address to hold for long term.
3. Wait till all this mess and hype slows down, then move those coin to different reputable exchange platforms and exchanging them in small amount each day to stay within limit of unverified account.
4. They may also sell those bitcoin in face to face deals in cash to remain out of government radar.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: kaijser on May 17, 2017, 07:14:06 PM
Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?
Possible ways for them to cash out:

1. Send those bitcoin to different other addresses in small batch using bitcoin mixing/tumbling services.
2. Re-mixing those mixed bitcoin and sending them to single address to hold for long term.
3. Wait till all this mess and hype slows down, then move those coin to different reputable exchange platforms and exchanging them in small amount each day to stay within limit of unverified account.
4. They may also sell those bitcoin in face to face deals in cash to remain out of government radar.

Thanks for the reply. I don't understand number 5 though. Do you mean that they will receive payments in cash in real life and then transfer the BTC to the buyer's address? If so, that seems to make no sense to me. The bitcoins are most likely being tracked and I assume this will become the buyer's problem, and why would the buyer want that? Unless the buyer doesn't know about it...


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Agrello on May 18, 2017, 12:08:02 PM
I thought they'd have gained a lot more bitcoins by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But i cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as i know no-one has managed to get past it

NHS just like any other local health system is not like a company or corporation

It is basically composed of (mostly) independent hospitals, dentistries, pharmacies, asylums (yeah), and similar entities. Obviously, they don't keep their patients data in a centralized way since that would likely be prohibitively expensive. The best analogy to such a system, as to me, would be a banking system which is made up of a Central bank and many private banks which are mostly on their own, i.e. they are free to decide how they organize their data storage and such things



Do you mean there is not regulation put in place to protect the patient records in the case the place gets hacked or burnt down? No off-site backups? that is a terrible business practice to begin with. Fair enough if it was a local business, but you are dealing with highly confidential patient records.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: eckmar on May 18, 2017, 01:07:12 PM
WannaCry 2.0 is out and, guess what there is no killswitch anymore  ;D

If you wanna protect against such threats, check out https://bitcointalk.org/index.php?topic=1903071.msg18888453#msg18888453
It's impossible to get infected with WannaCry if you follow the whole guide

I'll tell you this for free.
1) Update your Windows to latest version
2) Get Paid antivirus like ESET
3) Have brain

And that should cover it about all...


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: NeuroticFish on May 18, 2017, 01:10:30 PM
2) Get Paid antivirus like ESET
3) Have brain

Even free solutions like Comodo would do if you have the nerve for it, since it will run in sandbox everything "untrusted".
Brain and nerves are necessary to check what's blocked and unblock the apps you really use and need and also remove the apps that should not be there / run.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: steamon on May 18, 2017, 01:16:08 PM
I think the ones that paid had very important data on their disks and could not have any downtime if it removed automatically after payment. Maybe 1 or 2 dumb people. For a ransomware virus they collected yea not much. I think a global automatic mining virus does a lot better than this.

I did not receive any calls here about people infected also here the people will not open anything weird so fast. I will send out a warning for future infections like this I think that's a smart idea.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: iluvpie60 on May 18, 2017, 01:18:45 PM
My issue with this whole thing is that how does the hacker know who paid. How can they actually decrypt said computer. The hacker would need access to the given computer to do anything I would imagine. Unless they can somehow use a kill switch?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: poplolnman on May 18, 2017, 01:25:14 PM
Could anyone here explain or maybe come up with some techniques these guys could possibly use to cash out?
Possible way for them to cashout :

1. Send those bitcoin to different other addresses in small batch using bitcoin mixing/tumbling services.
2. Re-mixing those mixed bitcoin and sending them to single address to hold for long term.
3. Wait till all this mess and hype slows down, then move those coin to different reputable exchange platforms and exchanging them in small amount each day to stay within limit of unverified account.
4. They may also sell those bitcoin in face to face deals in cash to remain out of government radar.

Thanks for the reply. I don't understand number 5 though. Do you mean that they will receive payments in cash in real life and then transfer the BTC to the buyer's address? If so, that seems to make no sense to me. The bitcoins are most likely being tracked and I assume this will become the buyer's problem, and why would the buyer want that? Unless the buyer doesn't know about it...
there is no number 5 btw :D, when you send the coin you can always mix it even though you receive the cash face to face, and first of all a lot of people believe that bitcoin are anonymous, the transaction are anonymous but actually it's fully traceable, there is blockchain as public data, everyone can see it. just the matter how you could trace it, there is a lot of way too, but of course it wouldn't be easy to do that especially when you have mixed it over and over again. wish sooner or later the wannacry inventor get caught through tracked bitcoin address, and we can show to the world that bitcoin are not a currency for criminals!


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BurtW on May 18, 2017, 02:55:32 PM
My issue with this whole thing is that how does the hacker know who paid. How can they actually decrypt said computer. The hacker would need access to the given computer to do anything I would imagine. Unless they can somehow use a kill switch?
I have done a little bit of research on this and the best I can come up with is that the computer is encoded in the Bitcoin address (one of three) and the amount of the ransom (lower bits of the ransom amount).  Look at the ransom amounts here:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet

They are all a little bit different.

If this is true then paying the wrong amount would not work as the amount would not decode properly.

So, my next best idea is that the infected computer is in contact with the hackers over TOR.

Bottom line:  I really do not know, I am still trying to figure that out.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 18, 2017, 02:58:25 PM
I thought they'd have gained a lot more bitcoins by now. I'm assuming the number of payments will rise dramatically as we get near some of the deadlines they set for ransoms to be paid?

The NHS can't just lose patients records by not paying.....can they?

If they do not have any backups, then yes, they can. But I cannot imagine an institution as large as theirs not having backups. There is no way to get past the encryption unless you pay them - as far as I know no-one has managed to get past it

NHS just like any other local health system is not like a company or corporation

It is basically composed of (mostly) independent hospitals, dentistries, pharmacies, asylums (yeah), and similar entities. Obviously, they don't keep their patients data in a centralized way since that would likely be prohibitively expensive. The best analogy to such a system, as to me, would be a banking system which is made up of a Central bank and many private banks which are mostly on their own, i.e. they are free to decide how they organize their data storage and such things

Do you mean there is not regulation put in place to protect the patient records in the case the place gets hacked or burnt down? No off-site backups? that is a terrible business practice to begin with. Fair enough if it was a local business, but you are dealing with highly confidential patient records.

I guess, there are no such regulations

Though I don't live in Britain and can't know for sure. I just assume that it would be too expensive to provide every hospital with the means to back up their patients' records as well as hire highly qualified staff to take care of security aspects of these records (including their reliable storage). Apart from that, I try to stay away from medical services on the whole unless I know what I need and I actually need that (I don't need much, anyway)


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Agrello on May 18, 2017, 07:15:55 PM


Do you mean there is not regulation put in place to protect the patient records in the case the place gets hacked or burnt down? No off-site backups? that is a terrible business practice to begin with. Fair enough if it was a local business, but you are dealing with highly confidential patient records.

I guess, there are no such regulations

Though I don't live in Britain and can't know for sure. I just assume that it would be too expensive to provide every hospital with the means to back up their patients' records as well as hire highly qualified staff to take care of security aspects of these records (including their reliable storage). Apart from that, I try to stay away from medical services on the whole unless I know what I need and I actually need that (I don't need much, anyway)

I see your point. I wonder how many other organisations or entities have issues such as theirs. I can't believe that despite their warning, they still let it be. Cheers mate.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: eckmar on May 18, 2017, 10:13:04 PM
Btw, here are some funny transactions made to the wannacry addresses

1) https://blockchain.info/tx/4dcf70c864172869c0950e4e24b9f1a7ff410417411a2a2d0ede85b6281b5a67
    Someone sent 0.00006 btc from an address starting with 1FuckYou....
2) https://blockchain.info/tx/96015c757e440554005965b97349234dcae8d4c0f8cc3410a0743cbcc9bacd6c
    Look at this transactions' sender's addresses, they seem to send a message to the hackers :
    "1You....
     1Are....
     1A......
     1Cunt..."

It is really funny when you post it here but tbh hackers probably didn't even notice it...


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Markley on May 18, 2017, 10:19:01 PM
WannaCry 2.0 is out and, guess what there is no killswitch anymore  ;D

If you wanna protect against such threats, check out https://bitcointalk.org/index.php?topic=1903071.msg18888453#msg18888453
It's impossible to get infected with WannaCry if you follow the whole guide

I'll tell you this for free.
1) Update your Windows to latest version
2) Get Paid antivirus like ESET
3) Have brain

And that should cover it about all...

Many institutions like NHS can't afford to update all of their systems, also there are many devices that can't be upgraded like medical equipment


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: coinits on May 18, 2017, 10:21:33 PM
WannaCry 2.0 is out and, guess what there is no killswitch anymore  ;D

If you wanna protect against such threats, check out https://bitcointalk.org/index.php?topic=1903071.msg18888453#msg18888453
It's impossible to get infected with WannaCry if you follow the whole guide

I'll tell you this for free.
1) Update your Windows to latest version
2) Get Paid antivirus like ESET
3) Have brain

And that should cover it about all...

Many institutions like NHS can't afford to update all of their systems, also there are many devices that can't be upgraded like medical equipment

Stupid reasoning on their part. Their mindset should be 'Can't afford not to upgrade'.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: batang_bitcoin on May 18, 2017, 11:19:12 PM
Btw, here are some funny transactions made to the wannacry addresses

1) https://blockchain.info/tx/4dcf70c864172869c0950e4e24b9f1a7ff410417411a2a2d0ede85b6281b5a67
    Someone sent 0.00006 btc from an address starting with 1FuckYou....
2) https://blockchain.info/tx/96015c757e440554005965b97349234dcae8d4c0f8cc3410a0743cbcc9bacd6c
    Look at this transactions' sender's addresses, they seem to send a message to the hackers :
    "1You....
     1Are....
     1A......
     1Cunt..."

It is really funny when you post it here but tbh hackers probably didn't even notice it...
Hahaha. Those people are our messengers they sent what everyone is feeling now because of their ransomware. I guess they noticed it then but even they will read they will only laugh at it. Hoping that this crisis will end soon.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: SwagGirl on May 18, 2017, 11:45:18 PM
WannaCry 2.0 is out and, guess what there is no killswitch anymore  ;D

If you wanna protect against such threats, check out https://bitcointalk.org/index.php?topic=1903071.msg18888453#msg18888453
It's impossible to get infected with WannaCry if you follow the whole guide

I'll tell you this for free.
1) Update your Windows to latest version
2) Get Paid antivirus like ESET
3) Have brain

And that should cover it about all...

Many institutions like NHS can't afford to update all of their systems, also there are many devices that can't be upgraded like medical equipment

Stupid reasoning on their part. Their mindset should be 'Can't afford not to upgrade'.

I bet they make a budget for it now else they get what they deserved.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Markley on May 19, 2017, 12:02:20 AM
WannaCry 2.0 is out and, guess what there is no killswitch anymore  ;D

If you wanna protect against such threats, check out https://bitcointalk.org/index.php?topic=1903071.msg18888453#msg18888453
It's impossible to get infected with WannaCry if you follow the whole guide

I'll tell you this for free.
1) Update your Windows to latest version
2) Get Paid antivirus like ESET
3) Have brain

And that should cover it about all...

Many institutions like NHS can't afford to update all of their systems, also there are many devices that can't be upgraded like medical equipment

Stupid reasoning on their part. Their mindset should be 'Can't afford not to upgrade'.

I bet they make a budget for it now else they get what they deserved.

I think that is kind of an immature attitude, NHS is already cash strapped. Yeah they should upgrade but they probably chose to pay the doctors first


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: wxa7115 on May 20, 2017, 06:43:54 PM
In the beginning internet is not a safe place for everyone. Click, download, register etc. at your own risk. ;D

It has been revealed that this did not spread by clicking on any links.

See this link https://www.wsj.com/articles/cybersecurity-experts-first-task-find-out-how-virus-spread-1494868250

From the article:

Quote
Investigators have already ruled out phishing—tricking someone into opening a seemingly legitimate email attachment that actually contains the virus—as a possible tactic. One of their hypotheses centers on something called port 445, an outlet that isn’t supposed to be connected to the internet.
Then this means the virus is even more dangerous than we thought, just another reminder for some that using Windows for anything serious is a big mistake, if you want to use it to hear some music and navigate on the internet fine, but if money is involved or sensitive information is better to use another operating system.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: avadhoot on May 20, 2017, 06:48:13 PM
Is there a blockchain based file backup solution?

Do people really not back up their files regularly?

I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: vapourminer on May 20, 2017, 07:02:10 PM
Do people really not back up their files regularly?

talk to friends and co workers, the non tech types.

hardly any back stuff up. i hear them moaning all the time about how they lost prized family photos, resumes and other important docs and such due to simple drive failure.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: aoluain on May 20, 2017, 07:03:35 PM
Is there a blockchain based file backup solution?


That is a very good question.

I'm sure the likes of SIA, MAIDSAFE and STORJ
Would have that covered as they are file storage
Blockchain technologies.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Pattberry on May 20, 2017, 11:50:03 PM
I am waiting for them to move the coins and I am sure they will make a stupid mistake that will end up in the hands of the law. They won't move anything for now as they know that the heat is on them and everyone will be monitoring the wallets. Whatever they plan on doing with it, it is not easy to move them without anyone noticing.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Mike Mayor on May 21, 2017, 02:03:33 AM
I am waiting for them to move the coins and I am sure they will make a stupid mistake that will end up in the hands of the law. They won't move anything for now as they know that the heat is on them and everyone will be monitoring the wallets. Whatever they plan on doing with it, it is not easy to move them without anyone noticing.

I doubt anyone can find them. How ? So what if they know the address ? It won't help when you don't know and can't prove the owner. It would be interesting to each but is the investment of time really worth it ?

Still if no one paid this then things like these wouldn't exist. Just pay no attention to the ransom side of it. It's just a normal virus where the creator is taking a shot in the dark at some free money.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: salmanahmedone on May 21, 2017, 04:04:52 AM
I am waiting for them to move the coins and I am sure they will make a stupid mistake that will end up in the hands of the law. They won't move anything for now as they know that the heat is on them and everyone will be monitoring the wallets. Whatever they plan on doing with it, it is not easy to move them without anyone noticing.

Well even if they move the funds from the wallets to another bitcoin wallet they won't be caught. They can only be caught when they will move the funds to the Fiat currency. They can use the bitcoin mixer service and then no one will get the clue of them forever.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 21, 2017, 08:11:15 AM
I am waiting for them to move the coins and I am sure they will make a stupid mistake that will end up in the hands of the law. They won't move anything for now as they know that the heat is on them and everyone will be monitoring the wallets. Whatever they plan on doing with it, it is not easy to move them without anyone noticing

Why should they necessarily make any mistake?

They were sane enough to craft such a virus in the first place capable of bringing down thousands if not millions of computers across the whole world (obviously, only a tiny fraction of affected users paid the ransom), so they should be pretty seasoned in such affairs (after all, MakeMeCry might not be their first accomplishment) and thus there are not many chances that they will get caught eventually. How many exchange hackers got caught in the end? And the number of bitcoins at stake is simply incomparable (just in case, over 120k bitcoins had been stolen from Bitfinex)


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: aoluain on May 21, 2017, 08:55:18 AM
Yea i'm sure enough that if they can create and plant the virus
they sure as hell know how to liquidate the rewards into fiat
if they wanted, im sure they have a gameplan and its running
smoothly  ;)


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: vapourminer on May 21, 2017, 11:25:41 AM


Why should they necessarily make any mistake?

They were sane enough to craft such a virus in the first place capable of bringing down thousands if not millions of computers across the whole world (obviously, only a tiny fraction of affected users paid the ransom), so they should be pretty seasoned in such affairs (after all, MakeMeCry might not be their first accomplishment) and thus there are not many chances that they will get caught eventually. How many exchange hackers got caught in the end? And the number of bitcoins at stake is simply incomparable (just in case, over 120k bitcoins had been stolen from Bitfinex)

word is they made some amateur mistakes: one was that hardcoded kill switch url. and only 3 btc addys? no unique id per computer?

my theory is it was some script kiddies and it went way over what they expected.

those addys most likely will be watched by more law enforcement than any in history..


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: zend7 on May 21, 2017, 12:21:29 PM


Why should they necessarily make any mistake?

They were sane enough to craft such a virus in the first place capable of bringing down thousands if not millions of computers across the whole world (obviously, only a tiny fraction of affected users paid the ransom), so they should be pretty seasoned in such affairs (after all, MakeMeCry might not be their first accomplishment) and thus there are not many chances that they will get caught eventually. How many exchange hackers got caught in the end? And the number of bitcoins at stake is simply incomparable (just in case, over 120k bitcoins had been stolen from Bitfinex)

word is they made some amateur mistakes: one was that hardcoded kill switch url. and only 3 btc addys? no unique id per computer?

my theory is it was some script kiddies and it went way over what they expected.

those addys most likely will be watched by more law enforcement than any in history..

They may well be but those addresses have only about 150k USD in total. I understand that the law enforcement want to track these guys down but I am not that confident at this. Other people, a lot more amateur than these ones like Hashocean got away with more than 3.5 mln USD stolen from users in their ponzi scheme scam. As far as I know they are free and enjoying their money. The same will do these guys of the ransomware as mixing services hidden in the TOR network do not care where the bitcoin come from, they just mix them.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BurtW on May 21, 2017, 12:40:45 PM
They may well be but those addresses have only about 150k USD in total.

they just mix them.
Where did you get 150K USD?  Were you just guessing? I see them getting 100K USD so far.  Here:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet

Yes, They can just mix the coins and then cash out.  Simple to do.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 21, 2017, 03:26:46 PM


Why should they necessarily make any mistake?

They were sane enough to craft such a virus in the first place capable of bringing down thousands if not millions of computers across the whole world (obviously, only a tiny fraction of affected users paid the ransom), so they should be pretty seasoned in such affairs (after all, MakeMeCry might not be their first accomplishment) and thus there are not many chances that they will get caught eventually. How many exchange hackers got caught in the end? And the number of bitcoins at stake is simply incomparable (just in case, over 120k bitcoins had been stolen from Bitfinex)

word is they made some amateur mistakes: one was that hardcoded kill switch url. and only 3 btc addys? no unique id per computer?

my theory is it was some script kiddies and it went way over what they expected.

those addys most likely will be watched by more law enforcement than any in history..

Obviously, only time will tell

Apart from that, did anyone get caught last years after hacking numerous exchanges out there? I don't mean the times of Ross Ulbricht (who was engaged in real criminal activity like drug dealing and similar things after all), I refer to more recent times, when, for example, Bitfinex had been hacked almost a year ago. Some Taiwanese student who created Chernobyl virus got off really cheap despite the fact that his virus likely wiped out as many drives in 1998 as this CryAgain virus


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: wuvdoll on May 22, 2017, 03:16:41 PM
For a global attack they have not collected a lot of bitcoin yet. Results as of 16:00 GMT

Address 1: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

live link: https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

31 transactions = 4.65255659 BTC



Address 2: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

live link: https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

27 transactions = 3.10004389 BTC



Wallet 3: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

live link: https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

36 transactions = 6.53259945 BTC



~ 14.28 BTC x $1735.35 per BTC = $24,781 ransom paid thus far.



Add more addresses as you find them.
This must be an awesome post for a change! That’s fascinating! I just checked one of the addresses and there is around 26 grand in that one address so they must have quite a lot by now. I wonder though what mixer would ever accept that much money and it would sure take a long time for the money to be laundered. Of course you also would have to do it with multiple launderers so I don’t know what their plan is.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 23, 2017, 07:45:17 AM
This must be an awesome post for a change! That’s fascinating! I just checked one of the addresses and there is around 26 grand in that one address so they must have quite a lot by now. I wonder though what mixer would ever accept that much money and it would sure take a long time for the money to be laundered. Of course you also would have to do it with multiple launderers so I don’t know what their plan is.

Obviously, they don't need to launder all that amount at once

Moreover, even if some mixer could process that many bitcoins (which is not that many really, to tell the truth), it simply doesn't make sense to dump all these coins all at once unless the hackers are 100% certain that they won't be soon parted with their "hard-earned" and "well-deserved" bitcoins. If they are not so sure (which might well be the case), it would make sense to divide the spoil into small portions and launder them separately and cautiously. Other than that, they might not be interested in cashing out altogether


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: ViceOfBTC21 on May 23, 2017, 01:19:10 PM
This must be an awesome post for a change! That’s fascinating! I just checked one of the addresses and there is around 26 grand in that one address so they must have quite a lot by now. I wonder though what mixer would ever accept that much money and it would sure take a long time for the money to be laundered. Of course you also would have to do it with multiple launderers so I don’t know what their plan is.

Obviously, they don't need to launder all that amount at once

Moreover, even if some mixer could process that many bitcoins (which is not that many really, to tell the truth), it simply doesn't make sense to dump all these coins all at once unless the hackers are 100% certain that they won't be soon parted with their "hard-earned" and "well-deserved" bitcoins. If they are not so sure (which might well be the case), it would make sense to divide the spoil into small portions and launder them separately and cautiously. Other than that, they might not be interested in cashing out altogether
For example buying $50 Monero for BTC in one round and selling them later for bitcoins. Repeat every week and discharge on exchange slowly. 100% guarantee of anonymity, but it works only if you have bitcoin business.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 23, 2017, 07:49:09 PM
This must be an awesome post for a change! That’s fascinating! I just checked one of the addresses and there is around 26 grand in that one address so they must have quite a lot by now. I wonder though what mixer would ever accept that much money and it would sure take a long time for the money to be laundered. Of course you also would have to do it with multiple launderers so I don’t know what their plan is.

Obviously, they don't need to launder all that amount at once

Moreover, even if some mixer could process that many bitcoins (which is not that many really, to tell the truth), it simply doesn't make sense to dump all these coins all at once unless the hackers are 100% certain that they won't be soon parted with their "hard-earned" and "well-deserved" bitcoins. If they are not so sure (which might well be the case), it would make sense to divide the spoil into small portions and launder them separately and cautiously. Other than that, they might not be interested in cashing out altogether
For example buying $50 Monero for BTC in one round and selling them later for bitcoins. Repeat every week and discharge on exchange slowly. 100% guarantee of anonymity, but it works only if you have bitcoin business.

Well, you seem to be missing something here

Or maybe it is just me. So how are you going to buy Monero if your bitcoins are tainted? By tainted I mean the bitcoins that come from the wallet which the victims of this ransomware have been sending their monies to. There is no guarantee that your bitcoins won't be confiscated when you try to buy something with them. Indeed, you can sell them off the market to someone unsuspecting, but by doing this you will just expose them to the same risk of having their coins taken (though the hackers wouldn't give a fuck about that, obviously)


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: LFC_Bitcoin on May 23, 2017, 08:37:30 PM
What was the final known total of bitcoins that they managed to get paid? They didn't get that many compared to what they were demanding the last time I looked.

All these companies & organisations just ignored the demands?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Qartada on May 23, 2017, 08:44:36 PM
What was the final known total of bitcoins that they managed to get paid? They didn't get that many compared to what they were demanding the last time I looked.

All these companies & organisations just ignored the demands?
Current links to their addresses:

https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

They've got about 50 known Bitcoin, or about $112,500.  Considering just how many computers they infected and the fact that the price went up loads since the start, I'd call that a huge failure from them.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: LFC_Bitcoin on May 23, 2017, 08:49:25 PM
What was the final known total of bitcoins that they managed to get paid? They didn't get that many compared to what they were demanding the last time I looked.

All these companies & organisations just ignored the demands?
Current links to their addresses:

https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

They've got about 50 known Bitcoin, or about $112,500.  Considering just how many computers they infected and the fact that the price went up loads since the start, I'd call that a huge failure from them.


It looks that way doesn't it. Must be the usual line from governments & huge organisations who were affected - 'we do not negotiate with terrorists'.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Pattberry on May 23, 2017, 08:50:33 PM
What was the final known total of bitcoins that they managed to get paid? They didn't get that many compared to what they were demanding the last time I looked.

All these companies & organisations just ignored the demands?
It is quite obvious that not everyone is going to comply with the extortion demands if the affected computers do not have anything important or they have a backup, and most of the big companies do have a backup, so they will format the hard disk and then use the backup. The IT department will be having a hard time solving the issues ASAP.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: bartolo on May 23, 2017, 10:15:37 PM
This must be an awesome post for a change! That’s fascinating! I just checked one of the addresses and there is around 26 grand in that one address so they must have quite a lot by now. I wonder though what mixer would ever accept that much money and it would sure take a long time for the money to be laundered. Of course you also would have to do it with multiple launderers so I don’t know what their plan is.

Obviously, they don't need to launder all that amount at once

Moreover, even if some mixer could process that many bitcoins (which is not that many really, to tell the truth), it simply doesn't make sense to dump all these coins all at once unless the hackers are 100% certain that they won't be soon parted with their "hard-earned" and "well-deserved" bitcoins. If they are not so sure (which might well be the case), it would make sense to divide the spoil into small portions and launder them separately and cautiously. Other than that, they might not be interested in cashing out altogether
For example buying $50 Monero for BTC in one round and selling them later for bitcoins. Repeat every week and discharge on exchange slowly. 100% guarantee of anonymity, but it works only if you have bitcoin business.

Well, you seem to be missing something here

Or maybe it is just me. So how are you going to buy Monero if your bitcoins are tainted? By tainted I mean the bitcoins that come from the wallet which the victims of this ransomware have been sending their monies to. There is no guarantee that your bitcoins won't be confiscated when you try to buy something with them. Indeed, you can sell them off the market to someone unsuspecting, but by doing this you will just expose them to the same risk of having their coins taken (though the hackers wouldn't give a fuck about that, obviously)

Even if they were fast enough to avoid confiscation they would be leaving a trail. The IP with which they would register and connect in the exchange, the operations made and bitcoin address to which they would make the withdrawal later.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: freedomno1 on May 23, 2017, 10:19:33 PM

Even if they were fast enough to avoid confiscation they would be leaving a trail. The IP with which they would register and connect in the exchange, the operations made and bitcoin address to which they would make the withdrawal later.

That presumes the hackers decide to send them when the heat is still on. If someone sends the coins years down the line, when no one is watching besides the few government agents who keep track of registries, then they could execute a quick transfer before people wake up to it.
Kind of like criminals who deal in fine art or, I guess, in modern terms, ISIS artifact resellers for Palmyra objects.
(But I agree by all accounts the amount these received was small, but I am guessing they will be holding it till it reaches a million or so and the ransom value appreciates over time.)


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: 1Referee on May 23, 2017, 10:40:49 PM
They've got about 50 known Bitcoin, or about $112,500.  Considering just how many computers they infected and the fact that the price went up loads since the start, I'd call that a huge failure from them.


If you look at the total number of infected machines versus the paid ransom, then it's not really in line, but in reality it's a great bit of funds that has been collected in such a short period of time. Especially when you consider that it might be just one person counting his profits. Where do you get to earn that much without doing any real effort?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BurtW on May 23, 2017, 11:32:21 PM
What was the final known total of bitcoins that they managed to get paid? They didn't get that many compared to what they were demanding the last time I looked.

All these companies & organisations just ignored the demands?
Current links to their addresses:

https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

They've got about 50 known Bitcoin, or about $112,500.  Considering just how many computers they infected and the fact that the price went up loads since the start, I'd call that a huge failure from them.

It is easier to use this link:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet

It gives you the total from all three addresses.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: deisik on May 24, 2017, 11:43:46 AM
Obviously, they don't need to launder all that amount at once

Moreover, even if some mixer could process that many bitcoins (which is not that many really, to tell the truth), it simply doesn't make sense to dump all these coins all at once unless the hackers are 100% certain that they won't be soon parted with their "hard-earned" and "well-deserved" bitcoins. If they are not so sure (which might well be the case), it would make sense to divide the spoil into small portions and launder them separately and cautiously. Other than that, they might not be interested in cashing out altogether
For example buying $50 Monero for BTC in one round and selling them later for bitcoins. Repeat every week and discharge on exchange slowly. 100% guarantee of anonymity, but it works only if you have bitcoin business.

Well, you seem to be missing something here

Or maybe it is just me. So how are you going to buy Monero if your bitcoins are tainted? By tainted I mean the bitcoins that come from the wallet which the victims of this ransomware have been sending their monies to. There is no guarantee that your bitcoins won't be confiscated when you try to buy something with them. Indeed, you can sell them off the market to someone unsuspecting, but by doing this you will just expose them to the same risk of having their coins taken (though the hackers wouldn't give a fuck about that, obviously)

Even if they were fast enough to avoid confiscation they would be leaving a trail. The IP with which they would register and connect in the exchange, the operations made and bitcoin address to which they would make the withdrawal later

I'm not sure of that

I don't really know the gory details of how truly anonymous coins work (and how exchanges work with them either), but as far as I understand it, once you withdraw to Monero wallet all traces are effectively lost since when you transact with coins built on the Cryptonite algorithm, you can't trace the wallets in the same way as you do with Bitcoin transactions and wallets. In other words, the Cryptonite network itself works as a coin mixer of sorts. Regarding IPs, you just use a VPN and get done with that


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: BurtW on May 25, 2017, 09:45:44 PM
They now have over 50 Bitcoins:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet



Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: jmigdlc99 on August 06, 2017, 04:57:43 PM
Just reviewed these wannacry ransom addresses. It seems they have started cashing out, almost half the amount from each address.

Are there any updates? Is there anything being done to further track this?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: oegarod on August 06, 2017, 05:03:14 PM
Just reviewed these wannacry ransom addresses. It seems they have started cashing out, almost half the amount from each address.

Are there any updates? Is there anything being done to further track this?
WannaCry made a big negative impact on bitcoin just because of the negative way bitcoin is being used. Tracking the Bitcoin addresses of the ransomware concerned in real time is not one hundred percent possible.


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: stompix on August 08, 2017, 07:35:51 PM
Just reviewed these wannacry ransom addresses. It seems they have started cashing out, almost half the amount from each address.

Are there any updates? Is there anything being done to further track this?

No, it fits perfectly what I have said in both threads about wannacry

At first people will be enthusiastically tracking coins like Conan the Detective but after a while they will get bored, the subject will lose interest, the coins will already be sold by the time somebody bumps this post and it will be another forgotten story till the next ransomware.

And even if you track them, who is going to do what?

 


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Nasgar Hard on August 09, 2017, 06:43:28 PM
We just built a 3D visualization of transactions from the WannaCry wallet

https://blockchainnew.herokuapp.com/wannacry3d

Adding more data and interactivity now so please feel free to add any feedback.
Would really appreciate that.
Thx


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: stompix on August 09, 2017, 09:46:29 PM
We just built a 3D visualization of transactions from the WannaCry wallet

https://blockchainnew.herokuapp.com/wannacry3d

Adding more data and interactivity now so please feel free to add any feedback.
Would really appreciate that.
Thx

Awesome work but I get the feeling of a disease spreading inside of me when looking at it:). Joking of course.
What's the meaning of different colors?
It gets darker with every coin movement?


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Nasgar Hard on August 10, 2017, 10:33:21 AM
For now, colors just show how far wallets are from the starting one.
The arrows show the transitions flow.
More labels are coming to this tool.
It's a pilot of a tool to see the blockchain better.

Yeah - it definitely looks like some virus at the beginning :)


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: Nasgar Hard on August 10, 2017, 10:41:24 AM
Here is a better version of it: https://blueshift.io/wannacry-blockchain.html
Press Arrow to see the next layer of transactions
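
The colouring by distance and the layer-by-layer stepping described in the two posts above amount to a breadth-first search outward from the ransom addresses. The following Python is an added example, not part of the original posts and not the code behind either linked tool. It assumes every input address of a transaction pays every output address (a common simplification), and its transactions and `hop_*` / `unrelated_X` names are constructed placeholders, not real chain data.

```python
from collections import defaultdict, deque

# Layer 0: the three ransom addresses listed in this thread.
SEEDS = ["12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw",
         "115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn",
         "13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94"]

# Constructed sample data, NOT real chain data: (input addresses, output addresses).
# The hop_* and unrelated_X names are placeholders.
SAMPLE_TXS = [
    ([SEEDS[0], SEEDS[1]], ["hop_A", "hop_B"]),
    ([SEEDS[2]], ["hop_B"]),
    (["hop_A"], ["hop_C", "hop_A"]),       # change returned to the sender
    (["hop_B"], ["hop_C", "hop_D"]),
    (["hop_C"], ["hop_E"]),
    (["hop_E"], [SEEDS[0]]),               # cycle back into a seed
    (["unrelated_X"], ["hop_D"]),          # other funding of hop_D, not downstream
]

def build_edges(txs):
    """Map each spending address to the set of addresses it paid."""
    edges = defaultdict(set)
    for inputs, outputs in txs:
        for src in inputs:
            edges[src].update(dst for dst in outputs if dst != src)
    return edges

def layer_by_hops(txs, seeds, max_hops=None):
    """Breadth-first search along payment direction; returns {address: hops}."""
    edges = build_edges(txs)
    hops = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        addr = queue.popleft()
        if max_hops is not None and hops[addr] >= max_hops:
            continue                        # do not expand past the requested layer
        for nxt in sorted(edges.get(addr, ())):
            if nxt not in hops:             # first visit is the shortest distance
                hops[nxt] = hops[addr] + 1
                queue.append(nxt)
    return hops

def layers(hops):
    """Group addresses by hop count, one list per layer."""
    grouped = defaultdict(list)
    for addr, depth in hops.items():
        grouped[depth].append(addr)
    return [sorted(grouped[d]) for d in sorted(grouped)]
```

An address that merely funds a downstream wallet (`unrelated_X` here) never receives a hop number, because the search follows payments only in the direction they flow.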


Title: Re: Monitoring WannaCry hackers' bitcoin addresses in real time
Post by: JamesAHurtado on October 02, 2017, 04:59:09 PM
all controls and resource. This is a community bitcoin action that can be affected by this in the future I guess.
you put it into it. I got payment for the program promises and I just prom to it. If you think that I have taken a program please do not hesitate to PM and I am sure that they are running a program or other other. Can not say who sent the ransom to the address, even if the user ransom, their system is still not decay.
As far as I know, one can overcome it.