Hackers Just Stole $66000 in Bitcoin. Now What?

Elizabeth Williams
May 19, 2017

The wallets show each payment that victims have sent in hopes of regaining access to their files. Authorities are working to catch the extortionists behind the global cyberattack, searching for digital clues and following the money.

Unfortunately, ransomware is quickly growing in scope and fast turning into a booming business for cybercriminals. One Los Angeles hospital reportedly paid about $17,000 to hackers to restore its computer systems last year. And it's only going to get worse.

Also, the company offered support and advice for those who were affected by the attackers, publishing contact forms and help forums on their page.

Ironically, the WannaCry hackers are likely to have a negative impact on the entire ransomware industry by taking this approach. This worm uses an exploit developed by the NSA that abuses a weakness in older Windows PCs, which lets it spread to more and more computers: over 230,000 of them at the time of writing.

It wreaked havoc on systems belonging to Britain's National Health Service (NHS), where hospital computers were shut down and operations cancelled.

Ransomware has escalated across the globe as a profit center for criminals, according to Symantec, with a 36% increase in ransomware attacks worldwide in 2016.

WannaCry, however, has not been nearly as successful - or at least not yet.

WannaCry demands that users pay between $300 (around Rs 19,000) and $600 (around Rs 39,000) in bitcoin in exchange for getting their data decrypted. At an exchange rate of $1,700, that adds up to about $68,000 in total gains for the attackers.

Much better is a personal transfer of bitcoin between individuals. He simply registered a website that was mentioned in the code of WannaCry, which disabled at least the initial version of the ransomware.

In a webcast on Monday, India's Computer Emergency Response Team (CERT-In) advised victims to not pay the ransom amount. Given that a week hasn't passed since the first reports of infections, it's possible there will be another surge of payments over the next week. A full three days after the malware first struck, the hackers behind the ransomware have made just $60,512.82, or a little less than Rs 39 lakh.

Ransomware does not technically require bitcoin. This has been compounded by the anticipated lifting of withdrawal restrictions on a Hong Kong-based Bitcoin exchange, and by the ransomware demand. However, payments made to the Bitcoin addresses are in a way more transparent, as they can be viewed by anyone, to the extent that it's possible to calculate how much money has been collected by the cyber criminals. The blockchain prevents rogues from spending the same bitcoin twice, and the miners are rewarded for their efforts by being gifted with the occasional bitcoin.

Nothing has yet been withdrawn from any of the bitcoin accounts, and law enforcement agencies watching them say the perpetrators could be hard to trace until they access some of the ransom money. So far, F-Secure hasn't provided more details.

On Friday, a virus known as WannaCry infected machines across 150 countries. Upgraded computers are no longer vulnerable. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email. If you have a backup copy, you can restore these files from the backup.

Foster said administrators also can set up a "ransomware honey pot" in which a couple of file types are planted in a system so an administrator receives an alert when ransomware starts to infect a certain type of file.
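One way to implement the planted-file alert Foster describes, as an added example that is not from the original article: decoy files are planted, their hashes recorded, and a later check reports any that were modified, renamed or deleted. The file names, the `.locked` extension and the function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Hypothetical decoy names; one per file type the administrator wants watched.
CANARY_NAMES = ("000_payroll.docx", "000_clients.xlsx")


def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def plant_canaries(directory, names=CANARY_NAMES):
    """Write decoy files and return a baseline mapping path -> SHA-256."""
    baseline = {}
    for name in names:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(b"Decoy document. Do not edit.\n" * 64)
        baseline[path] = _sha256(path)
    return baseline


def check_canaries(baseline):
    """Return (path, reason) alerts for every canary that was touched."""
    alerts = []
    for path, digest in baseline.items():
        folder, name = os.path.split(path)
        if not os.path.exists(path):
            # A canary that vanished may have been rewritten under a new extension.
            moved = [f for f in os.listdir(folder) if f != name and f.startswith(name)]
            reason = "renamed to " + moved[0] if moved else "deleted"
            alerts.append((path, reason))
        elif _sha256(path) != digest:
            alerts.append((path, "modified"))
    return alerts


def demo():
    """Simulate harmless tampering in a temp directory (constructed data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_canaries(tmp)
        first, second = sorted(baseline)
        clean = check_canaries(baseline)       # nothing touched yet
        with open(first, "wb") as fh:          # overwrite one canary in place
            fh.write(b"\x00" * 32)
        os.rename(second, second + ".locked")  # constructed extension
        return clean, sorted(reason for _, reason in check_canaries(baseline))


if __name__ == "__main__":
    print(demo())
```

In practice `check_canaries` would run on a schedule or from a file-change notification, and any non-empty result would be sent to the administrator's alerting channel.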

For example, the hackers could have lowered the ransom price to $10, making it cheap for anyone to pay.

Both Hickey and Horowitz said they haven't heard of any cases where victims successfully freed their computers by paying the ransom.

Though, of course, this is easier said than done.
