“Wana” Ransomware Earns Just $26,000 in Ransom Payments

Megalith

The Bitcoin addresses tied to this week’s ransomware attack have only received slightly more than 15 BTC, which converts to approximately $26,148. That amount, of course, is totally disproportionate to the financial damage done to affected companies and users, and it sucks how some people’s lives were endangered for such a (comparatively) small reward. Unfortunately, a new strain of the ransomware has emerged without a killswitch, and chaos will likely resume on Monday morning when everyone tries to log onto their work machines.

According to a detailed writeup on the Wana ransomware published Friday by security firm Redsocks, Wana contains three bitcoin payment addresses that are hard-coded into the malware. One of the nice things about Bitcoin is that anyone can view all of the historic transactions tied to a given Bitcoin payment address. As a result, it’s possible to tell how much the criminals at the helm of this crimeware spree have made so far and how many victims have paid the ransom. A review of the three payment addresses hardcoded into the Wana ransomware strain indicates that these accounts to date have received 100 payments totaling slightly more than 15 Bitcoins — or approximately $26,148 at the current Bitcoin-to-dollars exchange rate.
 
"just" that was on saturday... Wait till people come back to their machines this week.

Lets see how much roll in over the next month as people find they need files on their machine that were not stored on the network ..
 
I remember the good ol' days. When people had to hustle for that kind of scratch on a weekend. Damn computers.
 
Maybe we are getting jaded hearing the .1% making millions if not billions ... but 26K in a weekend is quite a big sum of money for most of the world.
 
Seize those bitcoin accounts and any transfers halted. Also, decrypt code should be published for further investigation.
 
Wonder if the new strain is the same with just the kill switch removed or is also modified to bypass the Microsoft patch?
 
Seems like an awfully poor risk reward. One can earn that much by painting a few houses.
 
Those bitcoin addresses are going to be watched closely - curious on how they are going to try to cash them in with all those eyes on them.
 
Would be interesting to see how many people got their files back after they paid, if any.

I don't expect them to do so since it would add to the evidence of who they really are.

If I became infected, I would reformat before ever giving any of those scum a dime.
 
Seems like an awfully poor risk reward. One can earn that much by painting a few houses.

Don't get much notoriety painting a house. Or a job offer from all the cyber security firms for 6 digit jobs once you do your 3 years of jail :)
 
Yeah, sure, only a few. You know how much labor is involved to paint a house? It is not the same as sitting in a chair for a few hours in your mother's basement.

Yes, I do know what it takes to paint a house. Painted many.

And sure, easier to sit in mom's basement... but the risk to prison (for me) isn't worth a scant $25k. Your risk assessment might be different.
 
The issue was:

A) Bitcoin is still newer. So most elderly and non tech-savvy users were not likely to be able to figure out how to pay.

B) The demand was too high. With how widespread it was, had the ask been lower (like $50), more people may have paid it just to make the hassle go away. The monetary ransom has to be less than the perceived cost of the hassle in trying to fix it by another means.
 
Three R's come into play, reboot, reboot, reimage...

Now for those companies not keeping up in their IT infrastructure. Some people will be making some overtime before they get let go.
 
"Correction: This piece was based on the premise that a new piece of WannaCry ransomware spread in the same manner as the one that was responsible for widespread attacks on Friday, and that it did not contain a so-called kill switch. However, after the publication of this article one of the researchers making this claim, Costin Raiu, director of global research and analysis team at Kaspersky Lab, realized that was not the case. The ransomware samples without the kill switch did not proflierate in the same manner, and so did not pose the same threat to the public. Motherboard regrets the error."
 
Isn't it like $300, unless you don't pay right away, then it becomes $600, then the files start deleting... There are some bad business decisions there. The other models are much more effective because there is no time limit, and besides the service has demonstrated to be reliable. Vs this, I suspect many people would take 6 hours just to figure out how to do the bitcoins....
 
^ True, they're definitely losing to the time limit with most people having to figure out bitcoin from ground 0.
 
Those bitcoin addresses are going to be watched closely - curious on how they are going to try to cash them in with all those eyes on them.


They can send them through several exchanges and convert to other crypto currencies, then just cash it out in a 3rd world country under fake creds most likely and have some set up person go collect the money.
 