WannaCry hackers collect ransoms

Nearly three months on from the WannaCry ransomware attack that disrupted corporates and organisations across 150 countries, more than US$140,000 (£106,500) in bitcoin paid by attack victims has been withdrawn from online wallets.

Those targeted in the May 12 attack, which quickly infected multiple computers on corporate networks and encrypted them, were instructed to pay ransoms of between $300 and $600 in order to have the affected files unlocked.

As the amounts demanded were relatively modest, some victims opted to ignore advice from law enforcement agencies and cybersecurity experts that they should resist the hackers’ demands or risk further cyberattacks and more extortionate demands.

The total of around $140,000 was collected in three bitcoin wallets and was left undisturbed in the weeks following the attack. Many assumed that the hackers would not attempt to remove the ransoms, as the accounts were being closely observed by law enforcement agencies.

However, tracking firm Elliptic reports that more than £18,000 in bitcoin was removed from the three wallets between July 24 and August 3, with the balance taken out early on Wednesday morning in seven batches of between £15,000 and £21,000 each.

Elliptic’s chief operations officer (COO) and co-founder Tom Robinson told broadcaster CNBC: “We believe some of these funds are being converted into Monero, a privacy-focused cryptocurrency.”

Another theory is that the WannaCry bitcoins will be put through a “mixer” – in which the currency is transferred and mixed into a larger series of payments, making it more difficult to track its final destination and assisting its conversion to hard currency.

Despite the payment demands, security experts and government agencies now believe that North Korea was behind the WannaCry attack and that the primary motives were political rather than money-driven.
