
WanaDecrypt0r Ransomware Earns Just $26,000 In Ransom Payments (krebsonsecurity.com) 222

An anonymous reader quotes Krebs On Security: As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what's being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam...

It's worth noting that the ransom note Wana popped up on victim screens (see screenshot above) included a "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters... I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward.

  • by CRC'99 ( 96526 )

    Hopefully if it becomes the norm that people don't make any money from these things, it won't be worth the effort to do....

    • Re: Good. (Score:5, Insightful)

      by Entrope ( 68843 ) on Sunday May 14, 2017 @07:45AM (#54413407) Homepage

      Has that stopped bank robbers?

      Criminals are not known for having the world's best impulse control or understanding of expected itchiness.

      • by CRC'99 ( 96526 )

        It's not the average thief putting something together like this.... What this has proven is that the reward for getting on the WANTED list on just about every country in the world is somewhat small.

      • Re: Good. (Score:5, Insightful)

        by jellomizer ( 103300 ) on Sunday May 14, 2017 @07:58AM (#54413443)

        Bank robbers are not in it to make a load of money unless they are planning to break the vault. Normally they are just trying to get some cash to pay for drugs or a loan shark.
        But compared to deploying a wide scale attack, a normal bank robbery doesn't require a lot of planning, unlike a technical attack where there are days of planning.

      • Seems like it has. Bank robbery in the form of "hands up and fill up these bags" has become extremely rare here. The more sophisticated criminals break in at night and hit the safety deposit boxes instead, or they hit armored car companies. At the lower end you have the guys who hit ATMs, which have been protected to the point where the criminals use heavy explosives to get at the safe. Causing an awful lot of collateral damage, I might add.
        • by Dunbal ( 464142 ) *

          At the lower end you have the guys who hit ATMs, which have been protected to the point where the criminals use heavy explosives to get at the safe.

          Which is why here they prefer to stick a gun in your face and get you to withdraw as much cash as you can from the ATM. Rinse/repeat.

      • by gweihir ( 88907 )

        Bank robbers are the most stupid of the stupid, because everyone at least a little bit smart knows that a) they get little money out of it and b) basically all get caught.

        So yes, for most practical purposes it has eliminated the threat from bank-robbers. They are a nuisance today at best and all of them are morons.

        I would also like to point out that bank robbers never ever did anywhere near the damage that these people just did.

    • I agree. Being that there are so many ransomware attacks which even after you pay you don't get your data back. It really doesn't make any sense to pay it. And either you restore or just consider your data lost.
      The problem with criminal money making, is that there will be someone willing to mess up your "business plan" with no legal recourse. What is this guy going to do, sue the malware makers who don't decrypt people's data after paying for it?

    • Hopefully if it becomes the norm that people don't make any money from these things, it won't be worth the effort to do....

      I highly doubt it. Sadly, people do this kind of malicious shit just for the fun of it.

      Before the concept of anonymous e-cash and ransomware came along, they often did.

      • There were even books written... basically tutorials... on how to write a virus, with examples, long before there was any financial incentive to write one.
    • It appears these guys (Is that sexist?) have mispriced their product. They have several options:

      1. Increase their rates in hopes of generating more revenue from the same number of clients

      2. Decrease their rates in hopes of generating more revenue from many more clients

      3. Increase the number of computers they infect (i.e. broaden their customer base)

      4. Improve their targeting in order to do a better job of reaching clients who will pay up.

      They clearly need help from Ivy League MBAs

  • Without knowing how much time and money they put into creating, disseminating, and maintaining it we won't know the ROI. If it was an evening's work, and nothing more than a side job, then $26K could be worthwhile.
    • Income $26K, cost to scammer ... probably not a lot, maybe a $few K. Cost to those scammed: huge, potentially millions and maybe a few lives lost or harmed — it hit quite a few hospitals; not that the scammers really care what it cost other people.

      What is surprising is that something like this has not happened before now.... and when, oh when, are people going to stop using MS Windows for mission critical systems?

      • by arth1 ( 260657 ) on Sunday May 14, 2017 @08:28AM (#54413511) Homepage Journal

        Cost to those scammed: huge, potentially millions and maybe a few lives lost or harmed — it hit quite a few hospitals; not that the scammers really care what it cost other people.

        There are also some benefits to society, like boosting emergency preparedness. This has clearly shown how NHS in particular are overly dependent on computer systems, to a point that hospitals can't operate when systems go down. How would they be able to handle a real emergency, like a war?

        Nobody knew, or those who did didn't say anything. Now everybody knows, and there's a chance of vulnerabilities being scrutinized and contingency plans made and tested.

        • by UPZ ( 947916 )

          There are also some benefits to society, like boosting emergency preparedness. This has clearly shown how NHS in particular are overly dependent on computer systems, to a point that hospitals can't operate when systems go down. How would they be able to handle a real emergency, like a war?

          Nobody knew, or those who did didn't say anything. Now everybody knows, and there's a chance of vulnerabilities being scrutinized and contingency plans made and tested.

          Agreed that sometimes a small injury to an intelligent entity can encourage preparedness (and budget justification) for bigger injuries. Compared to a physical war or a full on nation-state cyber attack, this is a relatively small injury. Not to say that any kind of injury is ever a good thing, obviously.

      • by gtall ( 79522 )

        "when, oh when, are people going to stop using MS Windows for mission critical systems?"

        As soon as companies decide they need more than click and drool bodies doing their compute infrastructure. In a word, never. The problem is that the sort of person who can make the correct hiring decisions has been hired by people who have the least understanding of what it takes to secure systems, so they hire someone just like them who in turn hires the least expensive "talent", thus being able to report back that he's

      • "What is surprising is that something like this has not happened before now.... and when, oh when, are people going to stop using MS Windows for mission critical systems?"

        Not any time soon. Think for a while about the actual costs of moving a business, school, or government department off Windows. Acquiring new software. Developing new procedures. Training people. Rewriting the CFO's Excel spreadsheets and macros to work on something other than MS Office, etc. etc. etc.

        Yes, Windows has evolved into a fair

    • by mikael ( 484 )

      The tech consultants on the UK news channels say that it is possible to buy ransomware kits off the black market.

      https://nakedsecurity.sophos.c... [sophos.com]

      Given that shareware file system explorers and encryption routines are standard library functions, and it's easy enough to create a webpage with PayPal and Bitcoin pay buttons, just tacking on some network system exploits will allow the implementation of instant ransomware.

    • by gweihir ( 88907 )

      Not really. You can make this little money with conventional fraud in a few months at most, with nowhere near the risk of getting caught.

  • by dreamchaser ( 49529 ) on Sunday May 14, 2017 @08:01AM (#54413451) Homepage Journal

    "However, I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. "

    This is the most idiotic statement I've ever seen him make. It is a good thing if there was little reward, and his implication that he is disappointed that they didn't get more is just mind boggling.

    • by Zocalo ( 252965 ) on Sunday May 14, 2017 @08:25AM (#54413501) Homepage
      I think you're looking at it from a different perspective to Krebs, although I agree that the wording could have been better. My impression is that he's saying he's depressed that those responsible would (presumably) consider the massive cost of cleaning this up for those impacted as collateral damage for their relatively meagre $26k return. Of course, other than the raw numbers, that's no different from any other legal industry where profits rely on basically screwing over others in order to make a buck; you could just as easily level the same charge at any industry with a significant environmental impact, for instance.
      • by chill ( 34294 ) on Sunday May 14, 2017 @09:25AM (#54413659) Journal

        Agreed.

        I think Krebs means "if they're willing to cause this much grief for so little return, we don't have much hope of economics ever stopping these attacks".

        The ROI on this is probably insignificantly low, so we're stuck with this sort of shit.

        • The ROI on this is probably insignificantly low, so we're stuck with this sort of shit.

          I don't think you are using the term "ROI" correctly.

          Setting up the whole ransomware attack could have been set up with a few hours' work. $26K for a few hours' work is a pretty good ROI, especially if you are not in a first-world country.

          The issue is the damage caused to make $26k, but perhaps the ransomer doesn't care about that. It's an externalized cost.

      • by epine ( 68316 )

        I agree that the wording could have been better.

        Yes, and at the same time, it could hardly have been worse.

        I find it depressing to indulge in my darkest projected nightmare that those involved blow through the entire $26,000 on a sleep-deprived cocaine and hooker binge, and are right back at it a week later.

        That would be the honest thing to write after a weekend movie binge including The Wolf of Wall Street, Fear and Loathing in Las Vegas, Brewster's Millions, 21, The Starbucks scene in Austin Powers, and t

    • Spot on. The logical fallacy (that Krebs is subscribing to) is that people who would stoop to this form of income generation would be bothered in the slightest by the imposition their activities cause others.

      You see examples of this all the time. Perpetrators cause thousands of dollars in damage to a vehicle to steal tens of dollars worth of loot. Air conditioning equipment worth thousands is rendered worthless for a few dollars in scrap copper.

      You might say the give-a-shitter is broken in these folks.

    • This is the most idiotic statement I've ever seen him make. It is a good thing if there was little reward, and his implication that he is disappointed that they didn't get more is just mind boggling.

      I agree completely! I mean, with such an awful payment interface they shouldn't be rewarded! What they should have done is made a nice form where people can type in their credit card number which then purchases and sends the bitcoin where it's needed without any additional user interaction. I'm just saying, streamlined ransomware interfaces are what we really need. ;)

    • by gweihir ( 88907 )

      Indeed. Even amateur criminals stop high-risk crime if it turns out to not pay. Professional criminals would never do such a thing in the first place. Far too high profile, far too high damage and hence far too high chance to piss off some people that can actually do something about it.

    • This is the most idiotic statement I've ever seen him make. It is a good thing if there was little reward, and his implication that he is disappointed that they didn't get more is just mind boggling.

      Your brain doesn't seem to work right. What Krebs dislikes is someone creating tremendous damage for very little gain. What would you prefer: Some pickpocket pulling $20 from your wallet, or some idiot smashing your car windows to steal $20 from the glove compartment, then setting the car on fire to destroy any fingerprints?

      • Bullshit. I'm sure he just chose the wrong words but what he wrote was akin to 'The bankrobbers killed several people and I'm depressed that they did that but didn't get away with a ton of money in the process.' Look to your own brain.

    • Have you considered that the message "there are no winners here not even the criminals" would be written in exactly the same way?
      I think your shoot the messenger attitude is from not considering the context.
  • by markdavis ( 642305 ) on Sunday May 14, 2017 @08:05AM (#54413457)

    This is why we should never pay ransomware.

    1) There is a big chance they are not going to unlock your data, anyway.

    2) You don't know if they have also stolen all the data and can then do other things to harm you in other ways. Or left residuals in your computer.

    3) By paying, you are a "mark" so they might go after you again.

    4) Paying absolutely encourages them to continue this behavior and incentivizes others to join them.

    We need to educate everyone: Backup your data redundantly and check it regularly, and don't pay ransomware.

    • Then find them and smash the goddamn heads in with a baseball hat live on YouTube, just to make sure.

      • by gtall ( 79522 )

        Yep, all we need to do is ask the perps whether they did it. Then we can pop them if they say yes. They'll be real forthcoming when they see the baseball bats.

    • 1) There is a big chance they are not going to unlock your data, anyway.

      "They" aren't going to unlock your data. You are. But with their pricing, they will almost certainly tell you how. If they don't, their revenue stream will become nonexistent once the word gets out that paying doesn't get the data back.

      • by nadaou ( 535365 )

        "Sorry we didn't receive your payment, could you try again?"

      • by dbIII ( 701233 )
        That's a bit naive of you.
        Scammers work on the assumption that "there's a sucker born every minute".
        Word gets out, but then they just move onto someone that hasn't listened to the word or thinks "others got stung but I'll be ok".
    • We need to educate everyone: Backup your data redundantly and check it regularly, and don't pay ransomware.

      Actually, I think this is one problem which does have a (partial) technical solution. Right now files on computer storage are treated as unique discrete objects with a single state. We're unnecessarily treating a virtual object as if it were a physical object. Newer filesystems have the ability to retain the previous states of a file (snapshots). NTFS has it [wikipedia.org], but it has to be turned on manually. I

    • by houghi ( 78078 )

      Backup your data redundantly and check it regularly,

      And by checking, try out if the restore works, not if the backup worked.

      I myself use StoreBackup for redundant backups of data that changes on a regular basis (config files and system settings) and rsync for fixed data (e.g. music and music)

  • by mark_reh ( 2015546 ) on Sunday May 14, 2017 @08:05AM (#54413461) Journal

    Until you factor in trying to hide from the FBI/Interpol for the rest of your life. Are you sure those transactions are completely untraceable? Yeah, sure, keep telling yourself that. Sleep well...

    • by JaredOfEuropa ( 526365 ) on Sunday May 14, 2017 @08:37AM (#54413535) Journal
      BTC transactions are utterly and completely traceable, that's kind of the point. They are anonymous, though. So what these criminals will do is pay some poor sap to set up a BTC wallet, send the bitcoins to him, let him convert them to currency on his bank account, after which the criminals will simply withdraw the money from an ATM using his card. As long as you have no relationship to the middleman and if he keeps his mouth shut (or better yet: has no clue as to who you are), you're safe. Criminals use this method all the time.
      • BTC transactions are utterly and completely traceable, that's kind of the point. They are anonymous, though. So what these criminals will do is pay some poor sap to set up a BTC wallet, send the bitcoins to him, let him convert them to currency on his bank account, after which the criminals will simply withdraw the money from an ATM using his card. As long as you have no relationship to the middleman and if he keeps his mouth shut (or better yet: has no clue as to who you are), you're safe. Criminals use this method all the time.

        One challenge may be the volume of cash being transferred. For small amounts over time a few accounts might suffice; but for tens of thousands of dollars over a short period limits on ATM withdrawals limit access to cash and either require more time or a lot of accounts; either of which increases the chances of getting caught or in the former of the funds being cut off before you can get the bulk of them. Alternatively you could leave them as Bitcoin and dole them out over time; but I can see where at some p

    • Until you factor in trying to hide from the FBI/Interpol for the rest of your life. Are you sure those transactions are completely untraceable? Yeah, sure, keep telling yourself that. Sleep well...

      Not only that, but they've pissed off a number of countries as well; some of whom may not worry as much about some of the niceties of the law.

      In addition, the use of Bitcoin as payment will no doubt result in increased pressure on exchanges to make both parties of a transaction identifiable so that the recipients of ransom payments can be identified and apprehended and payments stopped; so even if they are mules the source of cash is cut off. At some point exchanges depend on the banking system to convert Bi

  • People in hospitals did not get care due to this. There was at least one critical stroke response unit that had shut down completely. Medical equipment also relies on computers, some of which were vulnerable. You want to blame the "victims" for un-patched systems? Sure, all systems should be up to date, but that's a bit like blaming the victim of a stray bullet from a gun fight for not wearing combat armor when he went out for a sandwich that day.
    • by xystren ( 522982 )

      This is a prime example of our over-reliance on technology. For years, since I was a teen in the '80s, I always asked 'what happens if this stuff fails.' I recall events with the phone company, where the land lines went down for almost 20 hours, due to a failure that cascaded down their redundancy plans. I remember the $#i7storm that arose out of that, both civil and political (this was a gov't crown corporation in Canada).

      We see difficulties when the power goes out in retail stores, that staff is unable to

      • by nnull ( 1148259 )
        This is a prime example of massive incompetence that's prevailing in every industry. Simple as that.
        • by CFD339 ( 795926 )
          If you take advantage of someone's incompetence to kill people, you are still a murderer.
  • by kenh ( 9056 )

    I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward

    Yeah, as clever as they were they deserved more money?!

    Just think, because it made so little money, this may be the last time we see such a wide scale attack, how sad... /sarcasm

    • by Zocalo ( 252965 )
      "Just think, because it only killed a few valuable targets, this will be the last time we see someone drop a few 100kg of high explosive into a residential zone, how sad..."

      It's not the best wording, but Krebs is clearly bemoaning the relative levels of collateral damage here, not the relatively meagre payoff for the perpetrators.
  • "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters...

    So the agencies that supposedly can backdoor any electronics and trace all movements of data can't penetrate these fragile Bitcoin exchanges or trace phone calls to the perps?

    • They'd be all over "tracing the phone calls to the perps" if they could "incidentally" intercept Republicans at the same time.
    • by athmanb ( 100367 )

      I'm assuming the "Contact Us" feature goes over Tor, so you can already forget any CSI-style phonetapping or IP tracing.

      The FBI could probably try to infect the perps with some 0-day malware to uncover their real identities but I'm guessing they elect not to try it because the chances of them actually falling for a cheap trick like that is minuscule compared to them grabbing the malware, reverse engineering it, then using it to infect more people.

  • by gweihir ( 88907 ) on Sunday May 14, 2017 @11:21AM (#54414075)

    The good thing here is that people have apparently gotten the message to not ever pay these people. Given that they will be completely destroyed if ever caught and that there is a lot of incentive to catch them, I hope this problem will just vanish over time.

    • by nnull ( 1148259 )
      But they're still going to pay their incompetent staff and contractors. So they are paying off someone in the end.
  • by itwasgreektome ( 785639 ) on Sunday May 14, 2017 @12:03PM (#54414261)
    I think history is gonna show us that we were responsible for the Wana attack. It didn't cross my mind until I heard on NPR that Russia was the country that suffered from the attack the most- even getting into government computers. The Shadow Brokers released this trove of hacking tools a little while ago. This meant the door on using this exploit was going to start closing slowly. We also knew that hackers would take advantage of this exploit. So why wouldn't the US Govt, under the guise of a random hacker, use this exploit to garner as much info as possible on Russia while it was still possible? Remember that Obama told Russia that we would get them back, at the time and date of our choosing. And this would explain why the built in shutdown was hidden in the code- I wouldn't be surprised if that 20 something year old security researcher wasn't tipped off to register that domain name once we'd gotten access to some of Russia's infrastructure, to mitigate collateral damage to the innocent bystanders. That would explain why they "only" got $26k, if their M.O. was to make money there would have been zero reason to include a kill switch in the code.
    • by dbIII ( 701233 )

      I wouldn't be surprised if that 20 something year old security researcher wasn't tipped off

      I hate to extinguish your fantasy but script-kiddie shit is invariably shit so it's quite likely that the first person with a clue to take a really good look at the malware could find a hole.
      If your fantasy was correct somebody "connected" would be the one tipped off to claim the glory.

  • It shows the bean counters the cost of not keeping systems up to date.

  • It's like those criminals who do $100K damage to some expensive electrical equipment just so they can scrounge a few hundred dollars worth of copper. They simply don't care how much damage they do to other people as long as they get a few bucks in their pocket.
    • I think you've described at least 20% of the population. Half of those will be stealing your copper, the other half will be stealing your pension.

  • Bitcoin ... the currency of criminals.
