
WanaDecrypt0r Ransomware Earns Just $26,000 In Ransom Payments (krebsonsecurity.com) 33

Posted by EditorDavid from the wanna-laugh dept.
An anonymous reader quotes Krebs On Security: As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what's being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam...

It's worth noting that the ransom note Wana popped up on victim screens (see screenshot above) included a "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters... I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward.


  • Good. (Score:2)

    by CRC'99 ( 96526 )

    Hopefully if it becomes the norm that people don't make any money from these things, it won't be worth the effort to do....

    • Has that stopped bank robbers?

      Criminals are not known for having the world's best impulse control or understanding of expected itchiness.

      • Re: (Score:2)

        by CRC'99 ( 96526 )

        It's not the average thief putting something together like this.... What this has proven is that the reward for getting on the WANTED list in just about every country in the world is somewhat small.

      • Bank robbers are not in it to make a load of money unless they are planning to break the vault. Normally they are just trying to get some cash to pay for drugs or a loan shark.
        But compared to deploying a wide-scale attack, a normal bank robbery doesn't require a lot of planning, unlike a technical attack where there are days of planning.

    • I agree. Being that there are so many ransomware attacks where even after you pay you don't get your data back, it really doesn't make any sense to pay it. Either you restore or just consider your data lost.
      The problem with criminal money making is that there will be someone willing to mess up your "business plan" with no legal recourse. What is this guy going to do, sue the malware makers who don't decrypt people's data after paying for it?

    • Hopefully if it becomes the norm that people don't make any money from these things, it won't be worth the effort to do....

      I highly doubt it. Sadly, people do this kind of malicious shit just for the fun of it.

      Before the concept of anonymous e-cash and ransomware came along, they often did.

      • There were even books written... basically tutorials... on how to write a virus, with examples, long before there was any financial incentive to write one.
  • Without knowing how much time and money they put into creating, disseminating, and maintaining it, we won't know the ROI. If it was an evening's work, and nothing more than a side job, then $26K could be worthwhile.

    • Income $26K, cost to scammer ... probably not a lot, maybe a $few K. Cost to those scammed: huge, potentially millions and maybe a few lives lost or harmed — it hit quite a few hospitals; not that the scammers really care what it cost other people.

      What is surprising is that something like this has not happened before now.... and when, oh when, are people going to stop using MS Windows for mission critical systems?

      • Re: (Score:2)

        by arth1 ( 260657 )

        Cost to those scammed: huge, potentially millions and maybe a few lives lost or harmed — it hit quite a few hospitals; not that the scammers really care what it cost other people.

        There are also some benefits to society, like boosting emergency preparedness. This has clearly shown how NHS in particular are overly dependent on computer systems, to a point that hospitals can't operate when systems go down. How would they be able to handle a real emergency, like a war?

        Nobody knew, or those who did didn't say anything. Now everybody knows, and there's a chance of vulnerabilities being scrutinized and contingency plans made and tested.

    • Re: (Score:2)

      by mikael ( 484 )

      The tech consultants on the UK news channels say that it is possible to buy ransomware kits off the black market.

      https://nakedsecurity.sophos.c... [sophos.com]

      Given that shareware file system explorers and encryption routines are standard library functions, and it's easy enough to create a webpage with PayPal and bitcoin pay buttons, just tacking on some network system exploits will allow the implementation of instant ransomware.

  • "However, I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. "

    This is the most idiotic statement I've ever seen him make. It is a good thing if there was little reward, and his implication that he is disappointed that they didn't get more is just mind boggling.

    • I'd mod you up if I had points. The less incentive to pull off these attacks, the better.

    • Re: (Score:2)

      by Zocalo ( 252965 )
      I think you're looking at it from a different perspective to Krebs, although I agree that the wording could have been better. My impression is that he's saying he's depressed that those responsible would (presumably) consider the massive cost of cleaning this up for those impacted as collateral damage for their relatively meagre $26k return. Of course, other than the raw numbers, that's no different from any other legal industry where profits rely on basically screwing over others in order to make a buck;

  • Rewarding bad behavior (Score:3)

    by markdavis ( 642305 ) on Sunday May 14, 2017 @08:05AM (#54413457)

    This is why we should ever pay ransomware.

    1) There is a big chance they are not going to unlock your data, anyway.

    2) You don't know if they have also stolen all the data and can then do other things to harm you in other ways. Or left residuals in your computer.

    3) By paying, you are a "mark" so they might go after you again.

    4) Paying absolutely encourages them to continue this behavior and incentivizes others to join them.

    We need to educate everyone: Back up your data redundantly and check it regularly, and don't pay ransomware.

  • Until you factor in trying to hide from the FBI/Interpol for the rest of your life. Are you sure those transactions are completely untraceable? Yeah, sure, keep telling yourself that. Sleep well...
