Follow Slashdot stories on Twitter


Forgot your password?
Botnet Security

Attackers DDoS WannaCry Kill Switch ( 73

An anonymous reader quotes VentureBeat: As of late Friday, after many of the deadlines threatening data deletion had passed, few victims had paid ransoms. According to Elliptic Enterprises, only about $94,000 worth of ransoms had been paid via Bitcoin, which works out to less than one in a thousand of the 300,000 victims who were reportedly affected by WannaCry... While not as bad as feared, ransomware (not to mention cybersecurity threats in general) isn't going away. Wired reported that the domain registered by Hutchins has been under intense denial-of-service attacks delivered by an army of IoT devices marshalled, zombie-like, by Mirai.
This discussion has been archived. No new comments can be posted.

Attackers DDoS WannaCry Kill Switch

Comments Filter:
  • If I had the money to borrow Mirai, I can't imagine a more amusing thing to do than to poke holes in the WannaCry Dam. I tip my hat to whoever is behind this evil scheme.

    • That would probably be like borrowing from yourself. The people who have control of the Mirai network are probably the ones initiating the WannaCry. Find them and you could kill two birds with one stone.

  • Typical Rate (Score:5, Informative)

    by mentil ( 1748130 ) on Sunday May 21, 2017 @12:38AM (#54457647)

    Less than one in a thousand is a typical 'success' rate for any scam. Given that this is a worm, the cost of propagating to those 300k devices was almost nil after it was done being coded. Considering the attack used publicly-released exploits, pretty much every other component could've been sitting in a drawer using 95% reused code chunks.

    It's not like Silicon Valley contractors were paid to code this thing, some 3rd-world hacker (possibly unemployed) threw it together; the cost of creation is way under $94k, I suspect. The NSA probably paid 10x that to find the exploits, and who knows if they ever got to use them.

    • by Anonymous Coward

      You're funny because you think Silicon Valley contractors aren't 3rd-world hackers.

  • by Anonymous Coward

    I thought the "kill switch" just attempted to resolve the domain name which is why just registering the name was enough to activate it. If that's the case, what's the point of the DDoS other than just being a dick overall?

    • If the name servers go off line, won't they eventually expire out of DNS servers and accomplish the same thing of unregistered?
    • No. It actually makes a full HTTP request, and requires a good response. I believe MalwareTech originally even said that the killswitch was fragile, and he tried to make it somewhat resilient, but it's not a cure. It holds off the payload, but is absolutely not an excuse to avoid patching, updating, and disinfecting your systems.

  • success (Score:5, Interesting)

    by Tom ( 822 ) on Sunday May 21, 2017 @02:45AM (#54457879) Homepage Journal

    $94k is not a bad payout. Sure they hoped for more, and the worm was very successful and could've yielded more. But publicity is the enemy of every good scam, so typically, they actually do not want their scam to make headlines.

    Given all that, they still made the equivalent of a yearly salary on this thing, and without the inconvenience of paying taxes or having to show up in the office. Any indy mobile games developer would be happy with getting that return from a game.

    Ransomware is here to stay. But maybe with the large number of victims this time, people will actually demand that software vendors start to provide something that is better than utter crap? That we have a very serious issue in software quality and we can't afford to bet our economy, social networks and basically all of civilisation on something that's made cheap and fast (you know the third that wasn't picked).

    We need some basics done right in software, and that means re-engineering a big part of it. We need to understand trust levels, MLS or its variants. We need to get away from the user model we have, where users are treated as either complete idiots or all-knowing gods. We need to get our shit sorted out instead of pushing the next shoddy "disrupting product" out the door in search of a quick buck and a profitable IPO.

    Maybe if something besides $$$ still had a value in this society...

    • by mentil ( 1748130 )

      We need some basics done right in software,

      While I agree with your sentiment, let's not forget that these were stolen NSA exploits. Even if the security bar were raised substantially, the NSA will still be willing to throw billions in taxpayer dollars at finding exploits and creating complex implants. If those expensive top-shelf exploits are released into the wild by crackers who stole them, other malware authors will happily use them for random mundane stuff like ransomware. Just wait until ransomware starts flashing itself into device firmware so

      • by Tom ( 822 )

        While I agree with your sentiment, let's not forget that these were stolen NSA exploits.

        Even the NSA can only find what's there. We can raise the software quality (i.e. lower the bug count) by at least two orders of magnitude, this has been demonstrated. It is more expensive, but not that much (not even one order of magnitude).

        We just don't because making a quick buck before the shit hits the fan is still a viable business model.

    • by Anonymous Coward

      $94k isn't a lot of money, considering the coder behind WannaCry made pretty much every mistake in the book. He hardcoded a killswitch URL without owning the URL. He coded in a single bitcoin wallet so there's no way to tell which victim paid off the ransom. I doubt the author of this crap also wrote the exploit code, which by reports is highly sophisticated. That means he almost certainly bought the exploit code. Add this to the cost of renting a Mirai botnet, the author's hemorrhaging money fast.

      While I d

    • Given all that, they still made the equivalent of a yearly salary on this thing, and without the inconvenience of paying taxes or having to show up in the office.

      Difference is that they're going to have to look over their shoulders and it is likely that they'll never be able to claim that Bitcoin because the intelligence services will be monitoring it. When you fuck with a nation's national health service disrupting the medical treatment of millions of people, some of it for things like cancer treatments, and that nation has GCHQ at its disposal and access to the US intelligence network you need to be seriously fucking careful you do a damned good job of covering yo

      • by Anonymous Coward

        Seriously, they're going to lose a third of the money channeling it (slowly, in batches) through multiple bitcoin laundering services, then dump it (again, slowly and in differently sized batches) into a bank account in a country that doesn't share much data with the UK/US/etc. There are better ways for a good developer to make money than something like this, even in a poor country. This was most likely considered a disaster by whoever created it.

      • by Tom ( 822 )

        You sure the government cares so much? As long as they didn't hit the GCHQ itself, I'm not sure they'll got out of their way to find them.

    • by ebvwfbw ( 864834 )

      They were too cocky. Wannacry? Just begs for clickbait. Everyone wanted to see if there was any carnage. Should have named it Sugarpops or FreeHealthCare, nobody would have looked then.

  • Criminals gonna criminal.

    Seriously, though, the makers of the ransomware are criminals. It's not entirely unrealistic to think they're also the type who would DDoS.

    And the DDoS is probably less of a crime than the ransomware.

    All of this assumes that the (in my opinion likely) possibility that the DDoS and ransomware are coming from the same person or people.

  • by Vadim Makarov ( 529622 ) <> on Sunday May 21, 2017 @03:33AM (#54457935) Homepage

    As the article points out, a big part of the reason is that people disable automatic updates. This should never be done, but I can understand. Automatic updates are rude. They change and break things. Windows updates got kinda nicer last few years (after you disable automatic reboot [] ), but all other software updates are still crap. Every time I run a third-party sofware update (Adobe, Flash, etc.), it breaks and resets things. No I don't want a new UI for Acrobat that makes the icons twice the size (nope, forced). No I don't want the load-at-boot reinstalled (nope. reinstalled. fire msconfig and regedit to get rid of it). No I don't want to reinstall the auto-update (ditto). No I don't want my print settings reset to default (nope, done). And crap like that, every time. This is a price for security that we should not have to pay.

    • Windows updates got kinda nicer last few years (after you disable automatic reboot []... ), but all other software updates are still crap.

      Every time I run Windows updates, I then have to run a script to rip Telemetry out of my Windows. So, no. Windows updates are now malware. That's not better. You are suffering from Stockholm syndrome.

    • The problem is that software vendors have lost customer trust and they aren't even working on getting it back. Historically, updates, upgrades, and new features were separate things. When companies started to think "How do we monotize our current user base?" that things went to shit.

      Now features, mostly unwanted, are being shoved down the update channel. All it really accomplishes over time is making the update channel the same as a forced upgrade/feature channel. Something that most people just don't wan

      • You are correct. And there is only one way to get them to change that. Instead of paying for the inferior software they provide.. Bootleg it. Fuck them, They can have their money when they act right. Until that day i will never give another penny to a software vendor.

    • It comes down to who you prefer f*cking you - Satya Nadella, or a random script kiddy.
  • They DDoSed ... (Score:4, Insightful)

    by PPH ( 736903 ) on Sunday May 21, 2017 @12:08PM (#54459411)

    ... a HOSTS file?

  • Simple as that.

    The world never (or almost never) had such a thing as Ransomware until untraceable, auto-laundering methods of payment like Bitcoin.

    Even cash is traceable, because you have to send it somewhere!

    Stop Bitcoin, and its ilk, and you will take the "Ransom" motive out of "Ransomware". Just. Like. That.

"If it's not loud, it doesn't work!" -- Blank Reg, from "Max Headroom"