8.03.2017

Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets

The cyber criminals behind the global WannaCry ransomware attack that caused chaos worldwide have finally cashed out their ransom payments.

Nearly three months ago, the WannaCry ransomware shut down hospitals, telecom providers, and many businesses worldwide, infecting hundreds of thousands of computers in more than 150 countries, encrypting files and then charging victims $300-$600 for the keys.

WannaCry was really bad, as the nasty ransomware forced the British NHS (National Health Service) to shut down hospitals and doctor’s surgeries, and infected a Spanish telecommunications company and a Russian mobile operator, among many others.

Even a month after the outbreak, the WannaCry ransomware was found infecting systems at Honda Motor Company, forcing the factory to shut down its production, and 55 speed and traffic light cameras in Victoria, Australia.

Overall, the hackers behind WannaCry made $140,000 in Bitcoins from the victims who paid for the decryption keys—but for almost three months, they did not touch three of their wallets where victims were instructed to send ransom payments.

However, the WannaCry hackers started cashing out their cryptocurrencies on Wednesday night.

According to a Twitter bot tracking WannaCry ransom payments, only 338 victims paid the $300 ransom in Bitcoin, for a total of $140,000.

On Wednesday night, this money was withdrawn in 7 different payments within 15 minutes, although it is not clear where the money is being sent, or how the attacker will use it.

If you are unaware, we recently reported on Google’s research into how cyber criminals and ransomware hackers cash out their stolen or looted cryptocurrencies via cryptocurrency exchanges that are involved in money laundering.

Last week, even German authorities arrested an alleged operator of the popular BTC-e Bitcoin exchange on charges of laundering over $4 billion in Bitcoin for culprits involved in hacking attacks, tax fraud and drug trafficking without identifying them.

The identity of those behind the WannaCry ransomware is still unknown, though some researchers traced WannaCry back to a state-sponsored hacking group called Lazarus in North Korea, while others believed the perpetrators might be Chinese.

The WannaCry epidemic spread on its own by leveraging a leaked NSA SMBv1 exploit, called EternalBlue, to infect vulnerable Windows computers, particularly those using older versions of the operating system.

While most of the affected organisations have now returned to normal, law enforcement agencies across the world are still on the hunt.
