CYBER NEWS

WannaCry August Update - Ransom Sums Collected and Killer Arrested

WannaCry ransomware global infections image

The security community has reported two major incidents connected to the infamous WannaCry ransomware, which hit computers worldwide about a month ago. The operators behind it were able to collect the ransom sums. At the same time, Marcus Hutchins, the expert who shut it down, was arrested by the FBI.

Related Story: Wanna Decryptor (WannaCry) Ransomware (Restore Files)

WannaCry Large Ransom Sums Collected by Operators

Security experts have found that the criminal operators behind the infamous WannaCry attacks have finally collected the payments sent by victims. At the onset of the infection campaign, the security researchers and vendors who were trying to repel the attack and remedy its consequences found that, even though victims were sending ransom payments, the operators were not collecting them. Since then the value of Bitcoin, the digital currency used as the payment method, has grown. This is one of the probable reasons why the hackers decided to hold off on the collection.

The various attack campaigns used three primary Bitcoin wallet addresses associated with the criminals. According to the reports, the withdrawn sum amounts to about 70 000 dollars. No information is available about who is responsible for the transactions.

Related Story: WannaCry Impostors on the Rise

Marcus Hutchins Responsible for WannaCry Shutdown Arrested by the FBI

Marcus Hutchins AKA MalwareTech profile twitter image

The expert responsible for the effective WannaCry kill switch, 23-year-old Marcus Hutchins, was arrested by the FBI on six charges for conspiracy. Also known as MalwareTech and by several other aliases, he was responsible for creating a special kill switch that was able to counter the dangerous attacks caused by the WannaCry ransomware. His arrest came only a few days after the annual DEF CON hacking conference, which took place last week in Las Vegas.

Hutchins is charged with conspiracy in several cases, mainly dealing with the creation and coordination of financial crimes using the banking trojan called “Kronos”. It became famous back in 2014 when a video demonstrating the operation of the threat was posted on a popular video sharing site. Several months later Kronos was found on sale on the underground hacking markets, making it possible for criminals to use it in attack campaigns.

Marcus Hutchins case image

Security researchers also note that Kronos was being advertised on Russian hacking communities as well, where the price was adjusted to 7000 dollars, while on other sites it can be found for 3000. The banking Trojan is described as being able to conceal itself from anti-virus and security solutions and to protect itself from sandbox environments.

The security community posted that Hutchins, AKA MalwareTech, used several underground aliases, including iarkey, _0xE9, MonkeyBalls, etc.

In November last year a major attack campaign using the banking Trojan was able to infiltrate a large number of companies and government institutions in the fields of education, hospitality, healthcare and financial services. One of the main goals of Kronos is to withdraw credit card numbers from secure databases and relay the data to the criminal operators. As Marcus Hutchins is suspected of being the principal operator, he has probably accumulated a lot of cash. The charges against Hutchins are the following:

  • Conspiracy ‒ Charged with advertising, selling and distributing instances of the Kronos banking trojan.
  • Surveillance ‒ According to the court, Hutchins is responsible for stealing private information of victim users.
  • Computer Access Without Authorization ‒ The charges link the suspect to hacking computer systems and networks.

It is still not known for certain where Hutchins is. A friend of his posted that Hutchins was booked into the Henderson Detention Center in Nevada. However, soon afterwards the records were removed from the website. It is suspected that he might have been taken for interrogation at the FBI field office in Las Vegas.

At the same time, security researchers from around the world have created a Twitter profile called "Free MalwareTech" to call for his release.

Free MalwareTech Twitter profile campaign image

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
