Would they make more money if they demanded $10 instead of $300? While $300 isn't crazy money, it's more than enough to be painful, and definitely feels like ransom.<p>I wonder how many people facing a locked computer would sigh, say a few choice swearwords, and dig out their cards had it been a relatively low amount.
Is this a point to the downside of bitcoin? Im not against it at all still, but this does prove it to be a viable method of payment for shady business that can't reasonably be tracked... without bitcoin (or other crytocurrency), what methods would be in place to collect this money that wouldnt be easily tracked?
If this were me, I'd be running away from it as fast as possible.<p>It's entered meatspace, with players like the FBI, FSB, China (not sure about their acronyms), and anyone else who feels they have a stake.<p>If you aren't state-sponsored and protected (by a competent state, however corrupt), you aren't going to win against them. Not when you have a physical body, family, and friends to protect.<p>(And even if you aren't state-sponsored, do you want to be on high-vigilance for 10+ years? No trips abroad? And how do you stay useful enough to maintain that protection? And how, regardless of internal political turmoil?)<p>P.S. Not to mention, the competent (as opposed to the other) and very resource rich aspects of their intelligence services. Which can add up to a lot of haystack sifting.
What a shame. They've surely done many orders of magnitude more than $26k worth of damage. They've done a really really bad job at monetising their impact.
What would be really interesting to me is the reverse-engineering of the outbound bitcoin to trace this back to real/named individuals.<p>Consider that every transaction is public information - so any bitcoin spent from that wallet has to go somewhere.<p>A friend threw out a stat for me while we were discussing this the other day that something like 80% of existing wallets are owned within places <i>like</i> coinbase where they are associated with named individuals. (I don't know if that is true, but for the purposes of this strategy it's the assumption I'll stick with)<p>Anyways - assuming 80% of wallets can be traced by law enforcement to named individuals. Imagine that you set an alert to watch all outbound transactions from any of those three wallets.<p>After each transaction, do a lookup on the owner of the receiving wallet. If it is a named individual, interview them to find out how they got this money. Who just sent them a bitcoin?<p>If the wallet is not owned by a named individual, add it to the watch-list. Repeat for all outbound transactions from that wallet until you can trace it back.<p>I'm interested to know how many steps it would take to arrive at the actual criminal.
Considering nobody has had their files decrypted yet, I'm almost surprised how high this figure is. You'd think some people would do at least a bit of research before throwing $300 down the drain.
Did they actually decrypted the files after getting money from victims?<p>It would be interesting, if some white-hat security researcher, pays the $300 money and gets the solution (reverse engineering) . Make its available for free to everyone :)
Really good technical analysis of WannaCry for hackers (in a good sense): <a href="https://www.youtube.com/watch?v=d_j8UUQbJsc" rel="nofollow">https://www.youtube.com/watch?v=d_j8UUQbJsc</a>
Article is a couple of days old now. If you do the math right as im writing this it'd be 33.8 bitcoins. at $1721 per coin the total is over $58,000.
All points Krebs mentions are still valid however.