-
I doubt even those that pay will get anywhere. Payments going to just 3 bitcoin wallets? Those wallets are now being watched. How do you prove /you/ paid?
Also seen some code analysis that suggests that there may not be a decryption routine.
Given the shonkiness of the kill-URL implementation (one fixed URL, vs 5 random ones in another virus), and the suggestion that this was to stop it being analysed (not really a kill switch), I suspect the above may be correct.
My take on it is that it's actually been far more successful than the creators had thought that it would be. I don't think that any private (rather than state) actor would have wanted this to happen, as the attention makes it harder to withdraw the ransom from its bitcoin wallet.
-
You can watch those wallets all you like; if they know what they are doing, you won't be able to follow the money. I have witnessed much bigger fraudulent activities on the BTC network that were watched live by hundreds of security experts. It doesn't take too much effort to disappear the funds if you want to.
You can prove you paid because there will be a unique transaction ID that is associated with the private key of the address you sent the BTC from.
There's a Radiolab episode, Darkcode, where a woman gives in to ransomware demands and decides to pay. It was a pretty laborious process with extensive one-to-one human communication just to unlock a single PC. If this current attack uses a similar method when reaping the gains, then they will need to employ a huge army of 'customer reps'. I'm guessing that the more people they hire, the bigger the risk of being found out?