[Cryptography] "WannaCry" ransomware has any payment resulted in a key?

Tony Patti crypto at glassblower.info
Wed May 17 23:33:40 EDT 2017 

Hi Tom,

In answer to your question: "I wonder if any payment resulted in a valid key?",
this article was published in CSO Online yesterday, the title says it all:
http://www.csoonline.com/article/3196831/security/paying-the-wannacry-ransom-will-probably-get-you-nothing-heres-why.html
"Paying the WannaCry ransom will probably get you nothing. Here's why."

Tony Patti
CIO
Founder and Manager, the LinkedIn group "Cryptographers and Cryptanalysts"

-----Original Message-----
From: cryptography [mailto:cryptography-bounces+crypto=glassblower.info at metzdowd.com] On Behalf Of Tom Mitchell
Sent: Wednesday, May 17, 2017 8:39 PM
To: cryptography at metzdowd.com
Subject: [Cryptography] "WannaCry" ransomware has any payment resulted in a key?

I have been watching the news on the "WannaCry" ransomware and I wonder if any payment resulted in a valid key?

It seems that the bitcoin payment step is secure but the delivery of the key via return message is the fragile transaction from the criminals view of things.
A short list of rich payments might be worth the risk to keep the scam alive but the list must be short.

The interesting tech here if and only if this was a "responsible scam"
would be  key management.
Identifying the correct key for the correct 'locked' machine has a couple issues.  One is the machine is locked so any reliable ID of the specific machine seems difficult to parse and since the machine is locked a different machine must be used to make payment, communicate the machine ID, receive the key and apply it to the locked machine.

Yes "responsible scam"  sounds oxymoronic at best a cruel kindness.

Well time to go update my machines, scan for viruses and make backups!
Also make myself a 'different' account with admin privileges and  may myself a goober account for interacting with the world.  Boot and recovery media too.
What a pain...




-- 
  T o m    M i t c h e l l
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cryptography mailing list