Despite the large scale of the attack, an industry source told the media that hackers who locked files on 200,000 computers globally and asked for a bitcoin ransom payment to unlock them, have only made around $50,000.
Machines across 150 countries were infected by a virus known as WannaCry on Friday. This malicious software demands money to unlock computers after it encrypts a user’s files and is known as ransomware. The hackers asked for $300 worth of bitcoin in this case.
His company had uncovered that since Friday, around $50,000 worth of bitcoin payments have been made to the hackers by 7 a.m. ET on Monday, said James Smith, CEO of Elliptic, a London-based start-up that helps law enforcement agencies track criminals using the cryptocurrency.
“We have seen the number of payments start to go up today,” Smith said.
The hackers said the fine would double to $600, and after seven days, the files would be permanently locked after 72 hours from when the attack started on Friday.
“We think over the course of today as we approach the first deadline where fines double we will see a bigger increase (in bitcoin payments),” Smith added.
Despite the global nature and scale of the attack, the amount paid so far is still a small amount. People have bene urged not to pay the ransom by security experts and government agencies.
Because many people wouldn’t know how to obtain and pay in bitcoin, was one of the major reasons for the slow payments.
“If a business is told it needs to pay this amount of bitcoin, most companies will be asking what bitcoin is … it’s not straightforward,” Smith explained.
Setting up an account via a bitcoin wallet and exchange would also require a long onboarding process even as obtaining large amounts of the cryptocurrency might take some time.
No evidence that paying the cybercriminals necessarily unlocks your files, researchers have seen at the same time.
“The decryption process itself is problematic, to say the least,” cybersecurity firm Check Point said in a blog post on Sunday.
“Unlike its competitors in the ransomware market, WannaCry doesn’t seem to have a way of associating a payment to the person making it. Most ransomware … generate a unique ID and bitcoin wallet for each victim and thus know who to send the decryption keys to. WannaCry, on the other hand, only asks you to make a payment, and then … wait.”
As s it is often believed to be completely anonymous, hackers who deploy ransomware often ask for payments in bitcoin. But ways to trace this have been figured out by law enforcement agencies, working with companies like Elliptic.
It traces so-called bitcoin addresses back to people. To make payments to other people or organizations, these addresses are required. Smith said this would become clearer when the hackers try to withdraw their bitcoin in fiat currency even though at the moment, Elliptic is working on trying to trace the payments.
“The attackers haven’t moved it. In previous cases we have been able to work with law enforcement to see where the funds move because ultimately the attacker wants to turn it back into a currency they want to spend,” Smith explained.
(Adapted from CNBC)