As law enforcement agencies continue to be on the hunt for the group behind WannaCry, the ransomware authors have just withdrawn a handsome $140,000 in cryptocurrency from their Bitcoin wallets.
Despite it being considered (by some) a state-sponsored attack, the hackers behind WannaCry nonetheless made a lot of money infecting vulnerable systems in more than 100 countries across the globe. Among the organizations hit hardest were Britain’s National Health Service (NHS), telecommunication companies in Spain and Russia, and Honda Motor Company more recently.
Leveraging the EternalBlue wormable component that exploits a Server Message Block (SMB) flaw in old versions of Windows, WannaCry continues to spread – albeit at a more reduced pace – even today.
Demanding between $300 and $600 to decrypt victims’ data, the hackers racked up more than $140,000 since deploying the ransomware in May – a somewhat hefty sum for an attack described by security experts as amateurish.
Now, a Twitter bot set up to track the activity around the Bitcoin wallets associated with WannaCry has picked up some movement. Specifically, the $143,000 in Bitcoins has been withdrawn in seven smaller chunks. The removal took only 15 minutes and occurred on Wednesday evening. According to the bot, the total number of payments was a paltry 345, with the last payment registered on July 24 at 10:07 AM ET.
Readers eager to learn more about the WannaCry ransomware, including the juicy technical tidbits uncovered by our guys at Bitdefender Labs, can download the whitepaper “Everything you need to know about the WannaCry ransomware.”
