by raffomania 3325 days ago
According to the article, the balances of the Bitcoin addresses collecting the ransoms are

15.13562354 BTC = $26410

13.78022431 BTC = $24045

5.98851225 BTC = $17361

Assuming $300 per ransom, this works out to a total of 226 victims who paid. This seems a little low compared to the huge amount of infected devices.

5 comments

I think this Venn diagram explains part of the problem:

https://www.trustar.co/wp-content/uploads/2017/05/WannaCryVe...

How did the 300M USD CryptoWall cash that much?
That's a good question. Here is a link to the numbers:

http://thehackernews.com/2015/10/cryptowall-ransomware.html

That averages out at $800 per infection compared to about $0.30 per infection from WannaCry. I suspect there are other factors at play here (was all the revenue from ransoms? were the target systems different? are people hardening in their resolve not to pay these ransoms?).

It's easy to find out the total. There's even a Twitter bot[1] reporting it. At the moment the total is 44.98BTC = $80,925. I'd argue ofc it's more because there are some variations of the worm that are not being accounted for by many yet.

[1]: https://twitter.com/ransomtracker

Earlier reports I'd heard said that this group was unprepared or poorly prepared to handle the incoming ransom. Many of these ransomware campaigns use a fully automated mechanism to deliver keys upon payment; this group did not.
One of the main pain points was using the same Bitcoin address as a destination rather than unique-per-victim... it gets confusing to prove who paid.
How does that work in practice? Do the decryption keys get stored in the block chain as well or out of band?
Out-of-band, probably sent via email or managed through the "malware app" itself.
I was listening to an NPR report on this and their explanation for the low amount was that the group wasn't handing over the keys after payment. Which I guess implies people who get infected are first researching what to do before paying.
Did you check the transactions?

They could have already moved a part of the coins to an exchange.

According to blockchain.info, no coins have been moved from the addresses in the article.
Last time I checked none of the coins were ever moved and in general ransomware earnings are not moved. They're just waiting for fungibility on Bitcoin.