Hem
Datorskärm med varningstext från hackarna. (Mark Schiefelbein / TT NYHETSBYRÅN)

Wannacry-hackare har plockat ut lösensumman

Hackare har tagit ut över 143 000 dollar i bitcoin av lösensumman som betalades ut efter attacken med utpressningsviruset tidigare i år, skriver CNBC.

E-valutan hade betalats in i en digital plånbok av offer för virusattacken och de sista pengarna togs ut klockan 09.25 på morgonen svensk tid uppger startupbolaget Elliptic.

– Vi följer rörelserna av pengarna som tagits ut från Wannacrykontona, säger Elliptics grundare Tom Robinson till kanalen.

Han bedömer att uttaget växlats in mot kryptovalutan Monero, som fokuserar på användarnas integritet.

bakgrund
 
Monero
Wikipedia (sv)
Monero (XMR) är en kryptovaluta som är baserad på öppen källkod, skapades i april 2014 och inriktar sig på personlig integritet, decentralisering och skalbarhet. Till skillnad från många kryptovalutor som är härledda från Bitcoin, är Monero baserat på CryptoNote-protokollet och besitter väsentliga algoritmiska skillnader som har att göra med obfuskering av blockkedjan. Monero har fortgående stöd från sin community, och dess modulära kodarkitektur har lovordats av Wladimir J. van der Laan, som arbetar med Bitcoin Core. Efter att först ha rönt föga populäritet hos allmänheten, såg Monero en snabb tillväxt i marknadsvärde (från US$5M till US$185M) och transaktionsvolym under 2016, delvis till följd av att valutan anammades av den stora darknet-marknaden AlphaBay i slutet av sommaren 2016.
bakgrund
 
Wannacry-attacken
Wikipedia (en)
The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. The attack began on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of the United Kingdom's National Health Service (NHS) were infected, causing it to run some services on an emergency-only basis during the attack, Spain's Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide. Shortly after the attack began, a 22-year-old web security researcher from North Devon in England known as MalwareTech discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection, effectively halting the initial outbreak on Monday, 15 May 2017, but new versions have since been detected that lack the kill switch. Researchers have also found ways to recover data from infected machines under some circumstances. WannaCry propagates using EternalBlue, an exploit of Windows' Server Message Block (SMB) protocol. Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had already discovered the vulnerability, but used it to create an exploit for its own offensive work, rather than report it to Microsoft. Microsoft eventually discovered the vulnerability, and on Tuesday, March 14, 2017, they issued security bulletin MS17-010, which detailed the flaw and announced that patches had been released for all Windows versions that were currently supported at that time, these being Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016, in addition to Windows Vista (which had recently ended support). However, many Windows users had not installed the patches when, two months later on May 12, 2017, WannaCry used the EternalBlue vulnerability to spread itself. The next day, Microsoft released emergency security patches for Windows 7 and Windows 8. Those still running older, unsupported versions of Microsoft Windows, such as Windows XP and Windows Server 2003, were initially at particular risk, but Microsoft released an emergency security patch for these platforms as well. Almost all victims of the cyberattack were running Windows 7, prompting a security researcher to argue that its effects on Windows XP users were "insignificant" in comparison. Within four days of the initial outbreak, security experts said that most organizations had applied updates, and that new infections had slowed to a trickle. Several organizations released detailed technical writeups of the malware, including Microsoft, Cisco, Malwarebytes, Symantec and McAfee. The "payload" works in the same fashion as most modern ransomware: it finds and encrypts a range of data files, then displays a "ransom note" informing the user and demanding a payment in bitcoin. It is considered a network worm because it also includes a "transport" mechanism to automatically spread itself. This transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access, and the DoublePulsar tool to install and execute a copy of itself.
Omni är politiskt obundna och oberoende. Vi strävar efter att ge fler perspektiv på nyheterna. Har du frågor eller synpunkter kring vår rapportering? Kontakta redaktionen