I've heard the argument that paying gives them an incentive to develop stronger ransomware, harming the entire industry. Since this most recent ransomware depends on leaked NSA tools, no amount of incentives will get the script kiddies writing similarly sophisticated exploits. Then, are there really any long-term drawbacks if people pay the ransom?
This exploit depended on the tools but unless the NSA keeps leaking tools it's not like there are going to keep being more so at a certain point the randomware people need their own exploits. That's not even counting it probably takes at least some amount of work to turn an exploit into a working ransomware and also set up the payments in a way that governments can't go after you
I'd post on Facebook and see if there's anybody I know and trust who has bitcoin they could sell me in return for a promise of cash payment. Or I'd use a service that lets me purchase using credit cards, such as Coinbase, although the issue there is that they limit _how much_ you can purchase by credit card at a time. So maybe i'd have several people sign up for coinbase accounts and then aggregate the bitcoin together into one account.
Depends on the size of the ransom. For relatively small amounts Coinbase would be a quick option, however there are deposit limits for a period of time.
I haven't heard of one single confirmed case where paying the Wannacrypt ransom actually resulted in the files being released. Other ransomeware, yes. Not this one.
There is no way to associate a payment in bitcoin with a particular infected computer. To do that, attackers would need to have provided unique payment addresses for each computer or unique payment amounts. The only other way would be for the crooks to use the honors system. Don't count on that.
Clone the drive in case a master key gets leaked in the future. In the mean time, start fresh and dont pay the ransom.
Mikko Hypponnen of F-Secure says they have confirmation of some (1st wave) Wannacry victims getting their files back after paying ransoms (but still doesn't recommend it).
hypothetically, though, use localbitcoins.com if you can find someone in your area, otherwise coinbase. the problem with coinbase isn't just the purchase limit -- banks frequently flag coinbase purchases (and other exchanges) which can result in a drawn-out process that lasts more than five hours.
The big question is how much you need to pay in ransom. Most random ransomware is in the $300 - $1000 range with certain more targeted installs getting hit for lots more [1].
Someone else already suggested Coinbase, but as you're asking here, that might not be an option for you for some reason.
Alternatively you could try and see if a Bitcoin ATM is near you:
Have you considered trying to recover files that were deleted? Here's someone's free software being promoted for that with handy instructions http://www.easeus.com/data-recovery/recover-decrypt-wannacry..., or you can try Recuva, which is supposed to be particularly good, with a fairly fast deep scan. PhotoRec is where I would probably go for a windows machine myself, it scans slower, but is command line and understands file formats so even if data is partially corrupted it can rebuild and fix.
Obviously, run these from a usb drive so you don't overwrite more.
19 comments
[ 4.4 ms ] story [ 59.5 ms ] threadThere is no way to associate a payment in bitcoin with a particular infected computer. To do that, attackers would need to have provided unique payment addresses for each computer or unique payment amounts. The only other way would be for the crooks to use the honors system. Don't count on that.
Clone the drive in case a master key gets leaked in the future. In the mean time, start fresh and dont pay the ransom.
https://twitter.com/mikko/status/864107673146490880
Edit: Updated to clarify some victims, and for the first variant. But he goes on to recommend against paying, especially for new variants:
https://twitter.com/mikko/status/865122274164318208
hypothetically, though, use localbitcoins.com if you can find someone in your area, otherwise coinbase. the problem with coinbase isn't just the purchase limit -- banks frequently flag coinbase purchases (and other exchanges) which can result in a drawn-out process that lasts more than five hours.
No documentation needed, just meet someone in the street. Use a public place for your own safety, you'll need cash.
Someone else already suggested Coinbase, but as you're asking here, that might not be an option for you for some reason.
Alternatively you could try and see if a Bitcoin ATM is near you:
https://coinatmradar.com/
or meeting someone in person to swap cash for Bitcoin
https://localbitcoins.com/
Lastly, double check the Ransomware ID sites:
https://id-ransomware.malwarehunterteam.com/
https://www.varonis.com/ransomware-identifier
Maybe there is a decryptor.
1 - http://www.latimes.com/business/technology/la-me-ln-hollywoo...
- Open 4 Coinbase accounts.
- Add and verify 4 different credit cards.
- Buy ~$100 worth of Bitcoin on each account (weekly limit without verification).
- Pay the ransom.
Obviously, run these from a usb drive so you don't overwrite more.