Since I work at a network security company, I'm sharing a bit of inside information about Friday's attack.
The score is 1:0 for the hackers, with the most "victims" in Mother Russia.
Happy readin'
Based on a code analysis of an example of the WannaCry ransomware, there are at least three bitcoin wallet addresses which the perpetrators are using to receive ransomware payments. Because of the open and distributed nature of the bitcoin “blockchain”, we can view the details of payments going to those wallets; as of 3pm today (15 May) they’d received a total of $55,000:
| Bitcoin wallet address | Bitcoins received |
|---|---|
| https://blockchain.info/address/115p7UM ... fJNXj6LrLn | 8.21197062 |
| https://blockchain.info/address/12t9YDP ... A8isjr6SMw | 11.65537468 |
| https://blockchain.info/address/13AM4VW ... uy6NgaEb94 | 11.69393715 |
| Total bitcoins received | 31.56128245 |
| Current $ value per bitcoin | $1,753 |
| Total $ value received | $55,327 |
Some comments and observations:
- The first payments to these wallets were last Friday when the outbreak started, and payments continue to be made; the total has increased by around $4000 in the last 3 hours
- There may be more to come as organisations left with no choice but to pay the ransom to unlock one or more PCs may not have done so yet; it can take time to get the corporate approvals to spend money and a ransom payment is not exactly routine expenditure; also companies typically don’t have a Bitcoin account standing at the ready and would need time to set one up.
- Most payments received were for around $300 in value each (the cost of one ransom) though I’ve seen one for almost $3500 suggesting at least one victim organisation had no choice but to pay to unlock multiple PCs
- If you track the payment chains back to the bitcoin “exchanges” where the victims presumably bought their bitcoins from, a Russian site (BTC-E) is the most frequent one that crops up, suggesting many ransoms have been paid by Russian victims
- No payments have been made OUT of these bitcoin wallets yet so the perpetrators do not seem to have “cashed out” anything; law enforcement agencies will doubtless be trying to follow the transaction trail when the perpetrators do try to spend their ill-gotten bitcoins, or turn them into cash, in an attempt to identify and apprehend them.
- There is a UK company called Elliptic which performs “blockchain intelligence” to help with the process of tracking blockchain transactions and they have added a graph to their web site showing the WannaCry payments over time.
- Unlike some ransomware strains which create a unique reference number for each encrypted PC, allowing them to match incoming payments to affected PCs and create a unique unlock code for those who pay up, WannaCry doesn’t seem to do the same. Quite how (and whether) the perpetrators plan to unlock PCs for those who pay up is unclear at this stage.