France: Police seize two Tor relays in WannaCry investigation

Source: BleepingComputer

"Two days after the WannaCry ransomware outbreak wreaked havoc across the world, French police seized a server running two Tor relays belonging to French activist Aeris, who said the server was confiscated in connection to the WannaCry attacks. … The activist said police seized his server because a big French company was infected with WannaCry …. WannaCry communicates with a command and control server hosted on the Dark Web, on a .onion address. Aeris suspects his servers were used as first hops in this connection, hence the reason police seized his property, hosted via French hosting provider Online SAS. Most Tor servers are configured to log very few details, such as uptime and status metrics, so to safeguard the privacy of its users. Unless Aeris made customizations to default configs, French police have no chance of finding any useful information on the seized servers." (06/11/17)

https://www.bleepingcomputer.com/news/security/french-police-seize-two-tor-relays-in-wannacry-investigation/