Cyberattackers claim just $92,000 from ransom demands

WannaCry infected some 200,000 computers, demanding a ransom within seven days

A screenshot shows a WannaCry ransomware demand.

A screenshot shows a WannaCry ransomware demand.

 

One week ago a global cyberattack dubbed “unprecedented” by Europol began infecting an estimated 200,000 of the world’s computers, starting a seven-day countdown to the destruction of data if victims did not pay a ransom.

On Friday, those countdowns begin reaching zero. But as of lunchtime the attackers had claimed only about $92,000 (€82,183) in payments from their widespread ransom demands, according to Elliptic Enterprises Ltd, a UK-based company that tracks illicit use of bitcoin. The company calculates the total based on payments tracked to bitcoin addresses specified in the ransom demands.

The ransomware, called WannaCry, began infecting users on May 12th and gave them 72 hours to pay $300 in bitcoin or pay twice as much. Refusal to pay after seven days was promised to result in the permanent loss of data via irrevocable encryption.

With affected institutions including the Health Service Executive (which said it prevented the ransomware from activating), the National Health Service in the UK, FedEx and PetroChina, few initially paid up, leading to speculation that organisations were taking their chances on fixing their corrupt machines before the ransom forced a mass deletion of critical data. A week later, experts agree the financial gains of the hackers remain astonishingly low.

“With over 200,000 machines affected, the figure is lower than expected,” said Jamie Akhtar, co-founder of the London-based security software firm CyberSmart. “If even 1 per cent paid the ransom that would be $600k.”

Kill switch

Mr Akhtar said experts may never know how much larger this figure would have been if a so-called kill switch had not been accidentally triggered by a cyber security researcher, who registered an internet domain that acted as a disabling tool for the worm’s propagation.

While the world’s law enforcement is pointing its resources at trying to identify the culprits, Tom Robinson, chief operating officer and co-founder of Elliptic Enterprises, says it’s unlikely the money taken from victims will be taken from the digital bitcoin wallets they’re being anonymously held in.

“Given the amount of scrutiny this has come under, I would be surprised if they moved it anytime soon,” he said. “I just don’t think the risk is worth the $90,000 they’ve raised so far.”

Mr Akhtar agrees but doesn’t think the criminals have given up hope while machines infected later still have time ticking on their ransom countdown.

“It seems like they are still actively trying to bring funds in,” he said, noting a Twitter post from Symantec on Thursday, which seemed to show fresh messaging from the attackers promising to hold their end of the decryption bargain if victims paid up.

Mr Akhtar believes the best thing the perpetrators can do to hide from authorities is “destroy any evidence and abandon the bitcoin wallets”.

Of course, the hack may have nothing to do with money at all. Any movement of funds from a bitcoin wallet would act as a valuable clue for law enforcement as to who is behind the attack. Preliminary finger-pointing has already targeted groups with suspected links to the North Korean regime, but clues are still few are far between. – (Bloomberg)

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.