Researchers say WannaCry operator moved bitcoins to “untraceable” Monero


When the master or masters of the WannaCry cryptoransomware worm emptied the bitcoin wallets associated with the malware earlier this week, they apparently took steps to make future movement of the funds more anonymous. According to researchers at the Italian information security firm Neutrino, the bitcoins were exchanged for XMR, the “untraceable” private digital currency backed by Monero[2]. On Wednesday, the 52.2 bitcoins in the wallet were drained out over nine transactions, as detected by a bot[3] created by Quartz’s Keith Collins.

Neutrino researchers traced the moved bitcoins to wallets associated with Monero. Monero is a digital currency focused on privacy. While it is based on a blockchain like other cryptocurrencies and uses distributed consensus for all transactions to prevent wallet hacking, it uses “ring signatures”[4], an anonymous cryptographic signature scheme, to sign transactions.

This makes it impossible to tell which parties were involved in a transaction when examining the blockchain itself. Monero has drawn the attention and endorsement of another party at least tangentially tied to the WannaCry worm: the individual or group behind Shadowbrokers, the entity responsible for leaking the NSA exploit used by WannaCry’s author. In June, the Shadowbrokers announced that they were now accepting Monero for payments[5] for their “Monthly Dump Service.”

There’s no evidence directly connecting WannaCry with the Shadowbrokers.

Some researchers have associated parts of the WannaCry malware with the Lazarus Group[6], a hacking group previously associated with the Sony Pictures “wiper” attack and the SWIFT funds transfer hack of Bangladesh Central Bank.

Intelligence officials have tied the Lazarus Group to North Korea’s government.

References

  1. ^ reader comments 0 (arstechnica.com)
  2. ^ Monero (getmonero.org)
  3. ^ detected by a bot (twitter.com)
  4. ^ “ring signatures” (link.springer.com)
  5. ^ accepting Monero for payments (steemit.com)
  6. ^ with the Lazarus Group (arstechnica.com)
