Tag Archives: ransomware

Bitcoin Ransomware Addresses

List of Bitcoin Ransomware Addresses

Ransomware Name Bitcoin Address
CryptoLocker 4.0 15sJ3pT7J6zefRs95SEsfBZMz8jAw1zAbh
CryptoLocker 1HrEqMHQVWhKuCg7a3rxo2tAFAiKquJ5iP
CryptoLocker 1EJbVfn5hXQ9JcfRyn965UKpNX4qxRW7pY
CryptoLocker 14bgivtRtTjzwiS4rRECoKGXkSZbf1Co39
CryptoTorLocker2015 1KpP1YGGxPHKTLgET82JBngcsBuifp3noW
DMALocker 1382JAg5xbQv7QNwq1svDeyw6ELtNCmujG
Bucbi 1MfVk1utxgvGjMFV3K3CzXsDRDZznj5tey
CryptoHost 18AVPLKGBamXtGpdT3kP2b5Dv3iBUDpjKv
7ev3n 1Lud76Q98VRHCUiyK7XUs7AgFofrqXeP78
TeslaCrypt 15Y2TmHrxjmRFxfNUttwb9aU4DifvDpWKM
TeslaCrypt 1NRn15kJnVRrptTSQJJnMD9KJcWkVFh1Gv
ThunderCrypt 14dqhE6XPoxkkttwwh7qTWmmSwXerWd2Ho
ThunderCrypt 18yfx86BwNK5xYKw71uaHwAxPgCGRJaqgg
ThunderCrypt 1HFY12o56xbHer3oeNxC99A7SGyXaR64hs
Trump Locker 1N82pq3XovKoJYqUmTrRiXftpNHZyu4jyv
Buddy 1AoNMLZfhw7cbMCKAhaKHiveMdwFyVUGeA
Chimera 1JHxr5sbXDoZuDsx624TmZ2MWyDdD9ag8K
CTB Locker 1Hf2vPmYNxzFYWiaURs75h8JoyCczLXCG2
CTB Locker 1E4jsfwFsKVaAVFNfrmGVgDY1HRU8qf7PV
Jigsaw 15fbyNgDnqYQR5vSHJ8PTAEJbKy4dwNBCZ

Bitcoin Ransomware Links

Evolution of Encrypting Ransomware

Ransomeware Notes

WannaCry Ransomware Extorts 39 Payments Worth 6.49 BTC – DAY 1

WannaCry Ransom Note
UPDATE: WannaCry Ransomware Attack up to 14.08007493 BTC on 92 payments as of 11:30am ET May 13. Balances more than doubled in 12 hours.

Today’s widely reported WannaCry ransomware attack is extensive, growing and has already yielded ~USD$12k in profits according to a quick analysis of the BTC addresses involved. On May 12 the 3 bitcoin addresses known to be receiving extortion payments show receipt of 6.49372428 BTC in 39 separate transactions with ransom varying between .15 to .30 BTC each. None of the balances have been moved to new bitcoin addresses since receipt.

The WannaCry Ransomware Bitcoin Addresses Continue reading WannaCry Ransomware Extorts 39 Payments Worth 6.49 BTC – DAY 1

Bitcoin Ransomware Attacks

This is a list of bitcoin ransomware attacks which I will be updating periodically as more become public.

Last Updated 11-June-2016

Date BTC Amount Paid (USD) Target City Country Virus Name Source
6/29/2016 500 Sports Team USA vocativ.com
6/7/2016 20,000 University Calgary, OT CA cbc.ca
4/25/2016 NA Utility Lansing, MI USA theregister.co.uk
4/1/2016 750 Fire Department Snoqualmie, WA USA CryptoLocker “Locky” eastofseattle.news
3/1/2016 Pending (4 BTC) Hospital Henderson, KY USA CryptoLocker “Locky” livebitcoinnews.com
3/1/2016 Pending Hospital Baltimore, MD USA Samsam aka MSIL or Samas baltimoresun.com
2/1/2016 17000 Hospital Los Angeles, CA USA CryptoLocker “Locky” wired.com
2/1/2016 450 Police Station Melrose, MA USA   ibtimes.co.uk
12/10/2015 500 Retail Store Calgary, OT CA cbc.ca
10/1/2015 572 Sheriff Office Dickson County, TN USA   bostonglobe.com
4/1/2015 500 Police Station Tewksbury, MA USA KEYHolder bostonglobe.com
1/1/2015 500 Police Station Midlothian, IL USA   bostonglobe.com
11/1/2013 750 Police Station Swansea, MA USA CryptoLocker “Locky” bostonglobe.com

From pymnts.com

In 2015, the FBI received roughly 2,453 complaints related to ransomware malware attacks, which amounted to $24.1 million in losses for victims

Related from The Merkle 11-June-2016
Cisco Ransomware Tool Can Now Decrypt All Versions of TeslaCrypt