Crippling Ransomware Demands Bitcoin To Decrypt Affected Files

Discussion in 'Newsroom' started by David, May 15, 2017.

  1. David

    David Sr. Member

    Jan 22, 2016
    345
    205
    Male
    Network Engineer
    Las Vegas
    This is probably negative exposure for crypto, but it's interesting to see someone use BTC in this way.

    http://www.dailymail.co.uk/news/article-4503396/Hunt-bitcoin-bandits-unleashed-crippling-virus.html

    The following text was taken from dailymail.co.uk:

    Hunt for the bitcoin bandits: World’s cyber police are on the trail of the gang who unleashed crippling virus

    • Computer specialists urgently working to stop spread of the ransom virus
    • Attack has locked 130,000 computers across the globe with demands for £230
    • Experts last night said the hacking culprits may be from Russia or the Ukraine
    By Michael Powell for The Mail on Sunday
    PUBLISHED: 17:54 EDT, 13 May 2017 | UPDATED: 21:03 EDT, 13 May 2017


    An international army of detectives was working around the clock last night to hunt down the cyber crooks behind the hacking attack that crippled the NHS and froze IT systems in 100 countries around the world.

    Computer specialists from 27 European nations were urgently trying to stop the spread of the ransom virus behind the biggest ever hacking attack of its kind.

    The attack has locked 130,000 computers with a message demanding that users pay a fee of £230 in Bitcoin – a controversial internet-only currency that is traded anonymously.

    Experts last night told The Mail on Sunday the hacking culprits may be from Russia or the Ukraine.


    IT security experts said criminals had launched the ‘atom bomb’ of computer attacks after a sinister group of hackers stole a cyber ‘superweapon’ from the US intelligence services

    And yesterday, Europol, the European Union’s police force, announced a major investigation has been launched by its Joint Cybercrime Action Taskforce.

    A spokesman said: ‘The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits.’

    IT security experts said criminals had launched the ‘atom bomb’ of computer attacks after a sinister group of hackers stole a cyber ‘superweapon’ from the US intelligence services last year.



    They said a cyber gang named the Shadow Brokers hacked the National Security Agency (NSA) and stole software developed by US agents to spy on Microsoft computers.

    The hackers leaked the cache of hacking tools and passwords needed to unleash the virus in an online post last month – which it said was in protest against US military strikes in Syria.

    The malicious software was hidden in email attachments downloaded by unwitting computer users on Friday afternoon.


    As of last night the hackers had received only about £20,000 in bitcoins - a virtual currency that is all but untraceable. One is worth £1,367 – more than the value of an ounce of gold

    Experts said it unleashed a computer virus which spread ‘like wildfire’ across networks.

    Users were warned the £230 ransom demand would double if it was not paid within three days.


    The message demanded the ransom be paid in Bitcoin. The NHS said it would refuse to pay.

    Cyber experts estimated that the attackers could pocket more than £770 million from individuals paying to unlock their machines.

    As of last night the hackers had received only about £20,000, according to the group’s Bitcoin accounts, which can be viewed online.

    One bitcoin is worth £1,367 – more than the value of an ounce of gold.

    They are not physical coins and exist only in cyberspace. Users can remain anonymous, which is why they are often used for illegal activity.

    The malicious software was hidden in email attachments downloaded by unwitting computer users on Friday afternoon. The virus is pictured on a laptop

    Security experts told The Mail on Sunday the attack was most probably launched by a criminal gang taking advantage of the leak by the Shadow Brokers last month.

    Some experts alleged the Shadow Brokers were closely linked to Russian intelligence.

    But others said it was unclear and pointed out Russia was one of the nations worst hit by the cyber attack with reports that 1,000 computers in the country’s Interior Ministry were affected.

    Jeremiah Grossman, chief of security strategy at cybersecurity firm SentinelOne, said: ‘Three quarters of ransomware attacks are from Russia and the Ukraine.

    ‘The attack we are seeing is most likely a criminal gang simply extorting people for money but it would not have happened without the hacking of the NSA and the leak by the Shadow Brokers.

    'The Shadow Brokers appear to be Russian intelligence or linked to the Russian government.

    ‘This is evident in their communications, their political actions and the timing of events.’

    A cyber gang named the Shadow Brokers is thought to have hacked the National Security Agency (NSA) and stole software developed by US agents to spy on Microsoft computers, according to computer experts

    Edward Snowden, the NSA whistleblower who fled to Russia in 2013, has previously linked the Shadow Brokers hacking group to the Kremlin. But Russian officials have denied the link.

    David Emm, a senior researcher for cyber security firm Kaspersky Lab, said: ‘The people behind it are just looking to make money but this attack is using code dumped by the group calling themselves Shadow Brokers.


    ‘They dumped a whole load of stuff online claiming this was all part of a series of tools and exploits being used by the NSA.’

    Activist Lauri Love, who is facing extradition to the US over unconnected hacking charges, said: ‘This is a top-of-the-range cyber weapon used by the spooks in America. Unfortunately they lost it.’

    Paul Norris, of cyber security firm Tripwire, said the attack was likely ‘a criminal network, not a foreign state attack’ but agreed the method had come from the earlier NSA hack.
     
  2. Jamie Holdstock

    Jamie Holdstock Jr. Member

    Mar 30, 2016
    50
    35
    Male
    London, UK
  3. drunkenmugsy

    drunkenmugsy Sr. Member
    Advocate (Reddit)

    Dec 28, 2015
    405
    218
    Male
    Stupidity and lack of coding experience. To allow a simple check such as this and then to not even register it themselves? Simple minds making simple missteps.
     
  4. anvoice

    anvoice Member

    Dec 22, 2015
    226
    76
    Male
    The negative response following a call to an unregistered domain served to indicate to the virus that it is in a virtual machine sandbox. That was a method to protect the virus from analysis by security specialists. When a virus is in a sandbox, all calls to outside domains return an ok, therefore it was meant to indicate that the virus is being analyzed and therefore should halt its activity. Fortunately, this proved to be an oversight as it allowed a white hat hacker to accidentally stop all versions of the virus by registering the domain.
     
    ClokworkGremlin likes this.
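The check anvoice describes, seen from the defender's side, as an added example that is not from this thread: a host that looks up the kill-switch domain is a host on which the malware has already run (and, once the domain was registered, halted itself), so DNS logs give a direct list of machines to isolate. The domain name, the BIND-style query-log format and the log lines below are constructed placeholders, not values from this page.

```python
import re

# Assumption: the real kill-switch domain is not given on this page, so a
# placeholder stands in for it.  Replace it with the genuine indicator in use.
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example"}

# Constructed sample lines in BIND query-log style (assumed format).
SAMPLE_DNS_LOG = """\
15-May-2017 09:12:01.110 client 10.0.1.23#51234: query: www.example.com IN A + (10.0.0.53)
15-May-2017 09:12:03.442 client 10.0.1.55#49201: query: killswitch-placeholder.example IN A + (10.0.0.53)
15-May-2017 09:12:03.500 client 10.0.1.55#49202: query: KillSwitch-Placeholder.example. IN AAAA + (10.0.0.53)
15-May-2017 09:14:17.009 client 10.0.2.8#40111: query: killswitch-placeholder.example IN A + (10.0.0.53)
15-May-2017 09:15:00.001 client 10.0.1.23#51240: query: updates.example.org IN A + (10.0.0.53)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_query(line):
    """Return (timestamp, client_ip, normalised qname), or None for non-query lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # DNS names are case-insensitive and may carry a trailing root dot.
    qname = m.group("qname").rstrip(".").lower()
    return m.group("ts"), m.group("ip"), qname


def find_killswitch_lookups(log_text, domains=KILL_SWITCH_DOMAINS):
    """Map each client that queried a kill-switch domain to its first-seen
    timestamp and lookup count.  Every such client ran the kill-switch check,
    i.e. the malware executed there, whether or not it went on to encrypt."""
    hits = {}
    for line in log_text.splitlines():
        parsed = parse_query(line)
        if parsed is None:
            continue
        ts, ip, qname = parsed
        if qname in domains:
            entry = hits.setdefault(ip, {"first_seen": ts, "queries": 0})
            entry["queries"] += 1
    return hits


if __name__ == "__main__":
    for ip, info in sorted(find_killswitch_lookups(SAMPLE_DNS_LOG).items()):
        print(f"{ip}: first seen {info['first_seen']}, {info['queries']} lookup(s); isolate host")
```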
  5. David

    David Sr. Member

    Jan 22, 2016
    345
    205
    Male
    Network Engineer
    Las Vegas
    I think what should be discussed is why the NSA kept these exploits under their belt instead of bringing them to Microsoft so they could be fixed. While the NSA didn't cause the attack, they have blood on their hands.
     
    ClokworkGremlin and drunkenmugsy like this.
  6. jcv

    jcv Full Member
    Developer

    Yeah, the unregistered and random domain is pretty standard practice to prevent analysis/sandboxing. They probably needed to obscure things a bit better but most malware is pretty sloppy. They just rely on the economy of scale.

    That said, it probably is not great for bitcoin (and others) to get associated with this crap in the press.
     
  7. aicasrumn

    aicasrumn New Member

    May 27, 2017
    1
    0
    Female
    Glendora
    Almost all ransomware requires Bitcoin payment, like Osiris, Jaff and the most popular one, WannaCry.

    The main reason why hackers require it may be that payment in Bitcoin is anonymous and will not leave any information.
    As a result, hackers will not be tracked.
     
  8. drunkenmugsy

    drunkenmugsy Sr. Member
    Advocate (Reddit)

    Dec 28, 2015
    405
    218
    Male
    If you believe that narrative then 'the man' has already won. Any currency/asset is associated with crime. Diamonds are the stock and trade of those wishing to transfer value that is untraceable. Do you see every housewife trashing her wedding ring? Most larger denomination USD having traces of cocaine was a popular story years ago. Did America or for that matter the rest of the world stop using USD? I think not.
    'The Man' is afraid of crypto. It loosens their control over our monetary freedom.
    What you should be saying is I wonder why they are using this to trash crypto. How would this benefit central banks/governments around the world? What are they planning on doing to me next? How can I stop it?
     
    ClokworkGremlin and davecgh like this.
  9. jcv

    jcv Full Member
    Developer

    I disagree there. Bitcoin is not anonymous and never was. The main reason ransomware uses Bitcoin is because they can accept payment without involving a third party.
     
    Johnshpon3 and davecgh like this.