Monitoring WannaCry hackers' bitcoin addresses in real time

[wxa7115]

In the beginning internet is not a safe place for everyone. Click, download, register etc. at your own risk.

It has been revealed that this did not spread by clicking on any links.

See this link https://www.wsj.com/articles/cybersecurity-experts-first-task-find-out-how-virus-spread-1494868250

From the article:

Investigators have already ruled out phishing—tricking someone into opening a seemingly legitimate email attachment that actually contains the virus—as a possible tactic. One of their hypotheses centers on something called port 445, an outlet that isn’t supposed to be connected to the internet.

Then this means the virus is even more dangerous than we thought, just another reminder for some that using window for anything serious is a  big mistake, if you want to use it to hear some music and navigate on the internet fine, but if money is involved or sensitive information is better to use another operative system.

[avadhoot]

Is there a blockchain based file backup solution?

Do people really not back up their files regularly?

I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.

[vapourminer]

Do people really not back up their files regularly?

talk to friends and co workers, the non tech types.

hardly any back stuff up. i hear then moaning all the time about how they lost prized family photos, resumes and other important docs  and such due to simple drive failure.

[aoluain]

Is there a blockchain based file backup solution?

That is a very good question.

Im sure the likes of SIA, MAIDSAFE and STORJ
Would have that covered as the are file storage
Blockchain technologies.

[Pattberry]

I am waiting for them to move the coins and i am sure they will make a stupid mistake that will end up in the hands of the law.They wont move anything for now as they know that the heat is on them and everyone will be monitoring the wallets.What ever they plan on doing with it,it is not easy to move them without anyone noticing.

[Mike Mayor]

I am waiting for them to move the coins and i am sure they will make a stupid mistake that will end up in the hands of the law.They wont move anything for now as they know that the heat is on them and everyone will be monitoring the wallets.What ever they plan on doing with it,it is not easy to move them without anyone noticing.

I doubt anyone can find them. How ? So what if they know the address ? It won't help when you don't know and can't prove the owner. It would be interesting to each but is the investment of time really worth it ?

Still if noone paid this then things like these wouldn't exist. Just osy no attention to the randsom side of it. It's just a normal virus where the creator is taking a shot in the dark at some free money.

[salmanahmedone]

I am waiting for them to move the coins and i am sure they will make a stupid mistake that will end up in the hands of the law.They wont move anything for now as they know that the heat is on them and everyone will be monitoring the wallets.What ever they plan on doing with it,it is not easy to move them without anyone noticing.

Well even if they move the funds from the wallets to another bitcoin wallet they wont be caught. They can only be caught when they will move the funds to the Fiat currency. They can use the bitcoin mixer service and then no one will get the clue of them forever.

[deisik]

I am waiting for them to move the coins and i am sure they will make a stupid mistake that will end up in the hands of the law.They wont move anything for now as they know that the heat is on them and everyone will be monitoring the wallets.What ever they plan on doing with it,it is not easy to move them without anyone noticing

Why should they necessarily make any mistake?

They were sane enough to craft such a virus in the first place capable of bringing down thousands if not millions of computers across the whole world (obviously, only a tiny fraction of affected users paid the ransom), so they should be pretty seasoned in such affairs (after all, MakeMeCry might not be their first accomplishment) and thus there are not many chances that they will get caught eventually. How many exchange hackers got caught in the end? And the number of bitcoins at stake is simply incomparable (just in case, over 120k bitcoins had been stolen from Bitfinex)

[aoluain]

Yea i'm sure enough that if they can create and plant the virus
they sure as hell know how to liquidate the rewards into fiat
if they wanted, im sure they have a gameplan and its running
smoothly 

[vapourminer]

Why should they necessarily make any mistake?

They were sane enough to craft such a virus in the first place capable of bringing down thousands if not millions of computers across the whole world (obviously, only a tiny fraction of affected users paid the ransom), so they should be pretty seasoned in such affairs (after all, MakeMeCry might not be their first accomplishment) and thus there are not many chances that they will get caught eventually. How many exchange hackers got caught in the end? And the number of bitcoins at stake is simply incomparable (just in case, over 120k bitcoins had been stolen from Bitfinex)

word is they made some amateur mistakes: one was that hardcoded kill switch url. and only 3 btc addys? no unique id per computer?

my theory is it was some script kiddies and it went way over what they expected.

those addys most likely will be watched by more law enforcement than any in history..

[zend7]

Why should they necessarily make any mistake?

They were sane enough to craft such a virus in the first place capable of bringing down thousands if not millions of computers across the whole world (obviously, only a tiny fraction of affected users paid the ransom), so they should be pretty seasoned in such affairs (after all, MakeMeCry might not be their first accomplishment) and thus there are not many chances that they will get caught eventually. How many exchange hackers got caught in the end? And the number of bitcoins at stake is simply incomparable (just in case, over 120k bitcoins had been stolen from Bitfinex)

word is they made some amateur mistakes: one was that hardcoded kill switch url. and only 3 btc addys? no unique id per computer?

my theory is it was some script kiddies and it went way over what they expected.

those addys most likely will be watched by more law enforcement than any in history..

They may well be but those addresses have only about 150k USD in total. I understand that the law enforcement want to track these guys down but I am not that confident at this. Other people , a lot more amateur than these ones like Hashocean got away with more than 3.5 mln USD stolen from users in their ponzi scheme scam. As far as I know they are free and enjoying their money. The same will do these guys of the ransomware as mixing services hidden in the TOR network do not care where the bitcoin come from, they just mix them.

[BurtW]

They may well be but those addresses have only about 150k USD in total.

they just mix them.

Where did you get 150K USD?  Were you just guessing? I see them getting 100K USD so far.  Here:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet

Yes, They can just mix the coins and then cash out.  Simple to do.

[deisik]

Why should they necessarily make any mistake?

They were sane enough to craft such a virus in the first place capable of bringing down thousands if not millions of computers across the whole world (obviously, only a tiny fraction of affected users paid the ransom), so they should be pretty seasoned in such affairs (after all, MakeMeCry might not be their first accomplishment) and thus there are not many chances that they will get caught eventually. How many exchange hackers got caught in the end? And the number of bitcoins at stake is simply incomparable (just in case, over 120k bitcoins had been stolen from Bitfinex)

word is they made some amateur mistakes: one was that hardcoded kill switch url. and only 3 btc addys? no unique id per computer?

my theory is it was some script kiddies and it went way over what they expected.

those addys most likely will be watched by more law enforcement than any in history..

Obviously, only time will tell

Apart from that, did anyone get caught last years after hacking numerous exchanges out there? I don't mean the times of Ross Ulbricht (who was engaged in real criminal activity like drug dealing and similar things after all), I refer to more recent times, when, for example, Bitfinex had been hacked almost a year ago. Some Taiwanese student who created Chernobyl virus got off really cheap despite the fact that his virus likely wiped out as many drives in 1998 as this CryAgain virus

[wuvdoll]

For a global attack they have not collected a lot of bitcoin yet. Results as of 16:00 GMT

Address 1: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

live link: https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

31 transactions = 4.65255659 BTC



Address 2: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

live link: https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

27 transactions = 3.10004389 BTC



Wallet 3: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

live link: https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

36 transactions = 6.53259945 BTC



~ 14.28 BTC x $1735.35 per BTC = $24,781 ransom paid thus far.



Add more addresses as you find them.

This must be an awesome post for a change! That’s fascinating! I just checked one of the addresses and there is around 26 grand in that one address so they must have quite a lot by now. I wonder though what mixer would ever accept that much money and it would sure take a long time for the money to be laundered. Of course you also would have to do it with multiple launderers so I don’t know what their plan is.

[deisik]

This must be an awesome post for a change! That’s fascinating! I just checked one of the addresses and there is around 26 grand in that one address so they must have quite a lot by now. I wonder though what mixer would ever accept that much money and it would sure take a long time for the money to be laundered. Of course you also would have to do it with multiple launderers so I don’t know what their plan is.

Obviously, they don't need to launder all that amount at once

Moreover, even if some mixer could process that many bitcoins (which is not that many really, to tell the truth), it simply doesn't make sense to dump all these coins all at once unless the hackers are 100% certain that they won't be soon parted with their "hard-earned" and "well-deserved" bitcoins. If they are not so sure (which might well be the case), it would make sense to divide the spoil into small portions and launder them separately and cautiously. Other than that, they might not be interested in cashing out altogether

[ViceOfBTC21]

This must be an awesome post for a change! That’s fascinating! I just checked one of the addresses and there is around 26 grand in that one address so they must have quite a lot by now. I wonder though what mixer would ever accept that much money and it would sure take a long time for the money to be laundered. Of course you also would have to do it with multiple launderers so I don’t know what their plan is.

Obviously, they don't need to launder all that amount at once

Moreover, even if some mixer could process that many bitcoins (which is not that many really, to tell the truth), it simply doesn't make sense to dump all these coins all at once unless the hackers are 100% certain that they won't be soon parted with their "hard-earned" and "well-deserved" bitcoins. If they are not so sure (which might well be the case), it would make sense to divide the spoil into small portions and launder them separately and cautiously. Other than that, they might not be interested in cashing out altogether

For example buying $50 Monero for BTC in one round and selling them later for bitcoins. Repeat every week and discharge on exchange slowly. 100% guarantee of anonymity, but it works only if you have bitcoin business.

[deisik]

This must be an awesome post for a change! That’s fascinating! I just checked one of the addresses and there is around 26 grand in that one address so they must have quite a lot by now. I wonder though what mixer would ever accept that much money and it would sure take a long time for the money to be laundered. Of course you also would have to do it with multiple launderers so I don’t know what their plan is.

Obviously, they don't need to launder all that amount at once

Moreover, even if some mixer could process that many bitcoins (which is not that many really, to tell the truth), it simply doesn't make sense to dump all these coins all at once unless the hackers are 100% certain that they won't be soon parted with their "hard-earned" and "well-deserved" bitcoins. If they are not so sure (which might well be the case), it would make sense to divide the spoil into small portions and launder them separately and cautiously. Other than that, they might not be interested in cashing out altogether

For example buying $50 Monero for BTC in one round and selling them later for bitcoins. Repeat every week and discharge on exchange slowly. 100% guarantee of anonymity, but it works only if you have bitcoin business.

Well, you seem to be missing something here

Or maybe it is just me. So how are you going to buy Monero if your bitcoins are tainted? By tainted I mean the bitcoins that come from the wallet which the victims of this ransomware have been sending their monies to. There is no guarantee that your bitcoins won't be confiscated when you try to buy something with them. Indeed, you can sell them off the market to someone unsuspecting, but by doing this you will just expose them to the same risk of having their coins taken (though the hackers wouldn't give a fuck about that, obviously)

[LFC_Bitcoin]

What was the final known total of bitcoin's that they managed to get paid? They didn't get that many compared to what they were demanding the last time I looked.

All these companies & organisations just ignored the demands?

[Qartada]

What was the final known total of bitcoin's that they managed to get paid? They didn't get that many compared to what they were demanding the last time I looked.

All these companies & organisations just ignored the demands?

Current links to their addresses:

https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

They've got about 50 known Bitcoin, or about $112,500.  Considering just how many computers they infected and the fact that the price went up loads since the start, I'd call that a huge failure from them.

[LFC_Bitcoin]

What was the final known total of bitcoin's that they managed to get paid? They didn't get that many compared to what they were demanding the last time I looked.

All these companies & organisations just ignored the demands?

Current links to their addresses:

https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

They've got about 50 known Bitcoin, or about $112,500.  Considering just how many computers they infected and the fact that the price went up loads since the start, I'd call that a huge failure from them.

It looks that way doesn't it. Must be the usual line from governments & huge organisations who were affected - 'we do not negotiate with terrorists'.