Actuarial Outpost

Actuarial Outpost (
-   Software & Technology (
-   -   WannaCry (

PeppermintPatty 05-13-2017 09:27 PM

I'm surprised there hasn't been a thread on this, yet. Holy s***, this thing spread fast. And was stopped fast -- almost by accident. A malware fighter on vacation noticed some reports of ransomware, but that's so common he didn't pay attention, and went to bed. Then he woke up and saw that there was a disaster. He got a copy of the thing and ran it in a sandbox and found that it was looking for a particular domain that didn't exist. He registered that domain, to create a "sinkhole" to analyze how it was spreading. And it turns out that the virus doesn't do anything if it finds that the domain exists -- probably an intentional kill switch.

Of course, it's only shut down until they recompile it without the kill switch.

The guy who did that was on vacation at the time. His boss gave him an extra week of vacation to make up for it. :)

(This story transcribed from what a friend told me. Check out the article linked below for the source.)

Actuary321 05-15-2017 11:25 AM

At a golf outing on Saturday, one of my playing partners, an IT guy at one of the local hospitals, got a call halfway down the 9th (and final for our round) fairway and came over and told us he had to leave and go into work because the hospital had been hit by some ransomware. Haven't had a chance to talk with him to see if this was the one he was hit by.

yoyo 05-15-2017 11:56 AM

has anyone heard what the ransom demands were?

Chronus 05-15-2017 11:59 AM


Originally Posted by yoyo (Post 8968337)
has anyone heard what the ransom demands were?

$300 in bitcoin was demanded on each locked down PC.

Abelian Grape 05-15-2017 12:00 PM

It threatened to delete my bookmarks/cookies. It makes me WannaCry just thinking about it. :cry:

G-Funk 05-15-2017 12:05 PM

This hit Europe and now Asia a lot harder than the US. Seeing as how this was originally an NSA tool, any possible political blow back?

yoyo 05-15-2017 12:07 PM


Originally Posted by Chronus (Post 8968346)
$300 in bitcoin was demanded on each locked down PC.

are people paying?

PeppermintPatty 05-15-2017 12:07 PM

The newspapers are calling it WannaCry, but I notice that the malware blog refers to it as "WannaCrypt", which kinda makes more since, since the thing works by encrypting all your content files.

There have been a bunch of ransomware attacks like this in recent years. This one is unusual because it spread so incredibly fast. It is very good at moving through networks once it gets established on a single computer.

PeppermintPatty 05-15-2017 12:09 PM


Originally Posted by yoyo (Post 8968363)
are people paying?

So far they have collected about $50K, which seems really low for such a huge attack. Even with such a modest pay-off, they may have trouble laundering the money. It's hard to know who owns a bitcoin account, but once you use it to pay for something, it's not that hard to know who takes possession of the good or service you pay for.

PeppermintPatty 05-15-2017 12:12 PM

That amount may grow, though. The message tells you that it's $300 to recover your documents if you act quickly, $600 if you wait, and eventually they will just go away. And the time limit hasn't expired on most of those attacks.

an earlier report said $20K

now $50K

All times are GMT -4. The time now is 03:16 PM.

Powered by vBulletin®
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.

Page generated in 0.12401 seconds with 9 queries