The time stamp on the code suggests it was put together on a machine that is nine hours ahead of GMT - Japan, Indonesia, the Philippines or the parts of China and Russia that are a long way east.
The WannaCry operates suggest it is the work of people new to the trade.
The worm has been almost too successful, having hit more than 200,000 victims - many times more than are usually caught out by ransomware aimed at large organizations.
Whoever was behind it unwittingly crippled the malware by not registering the domain written in its core code. This made it possible for security researcher to limit its spread.
WannaCry uses three hard-coded bitcoin addresses to gather ransom payments, and that is likely to make it challenging to work out who has paid, assuming the gang behind it does intend to restore locked files. The bitcoin payments might offer the best bet for tracking the perpetrators.
Currently, the total paid to those bitcoin addresses is more than $50,000 (£39,000).
No perfect crime...Just a thought.
No comments:
Post a Comment