Cyber criminals behind WannaCry ransomware cash out

Source: Xinhua| 2017-08-04 18:13:46|Editor: Song Lifang
LOS ANGELES, Aug. 3 (Xinhua) -- After about three months, the hackers behind the global WannaCry ransomware attack, which infected computers worldwide, finally cashed out their ransom payments from Bitcoin wallets on Wednesday night.

In total, the hackers made about 140,000 U.S. dollars in Bitcoin from the attack, which broke out on May 12, forcing hospitals, telecom providers and many other businesses worldwide to temporarily shut down, infecting hundreds of thousands of computers in more than 150 countries, encrypting files, and then charging victims a ransom payment of Bitcoins worth from 300 to 600 U.S. dollars.

Overall, 338 victims paid the 300 dollars in Bitcoin for the decryption keys, which totaled 140,000 dollars, but until recently the cyber criminals did not touch the three bitcoin wallets where victims were instructed to send their ransom payments, according to "actual ransom," a Twitter bot tracking WannaCry ransom payments.

The Twitter bot, which was set up by Quartz, a media website, to watch the movements of the ransom-related bitcoin accounts, detected the first withdrawals at 11:00 p.m. ET on Wednesday (0300 GMT, Thursday).

The money was withdrawn in seven different payments within 15 minutes. It is not clear where the money is being sent, or how the attacker will use it, the bot's Twitter account shows.

Five minutes after the first 70,000-dollar transactions, there were another three withdrawals. Ten minutes after that, there was a final withdrawal, after which all three accounts were completely empty.

Bitcoin, the worldwide cryptocurrency and digital payment system, was released as open-source software in 2009. The system works without a central repository or administrator, and transactions take place directly between users, so the owners of bitcoins can use the digital currency to buy goods or services, or exchange it for real currency privately, outside the financial supervision of the authorities.

The value of bitcoins fluctuates swiftly. A year ago, one bitcoin approximately equalled 457 dollars, while on Thursday it was worth 2,875 dollars, according to Coinbase, a company that helps users buy and sell bitcoins.

"The valuation of these cryptocurrencies is so sky high. That's a very tempting target for hackers. I am not surprised to see this," Mikko Hypponen, a cyber war veteran and the Chief Research Officer of F-Secure, a Finnish cyber security and privacy company, told Xinhua.

The identity of those behind the WannaCry ransomware remains unknown, as the withdrawals were anonymous. But the transactions are still traceable, because they are all stored in databases called blockchains, where people can monitor bitcoin addresses and see how the "money" moves.

"They can steal the money, they can get the money and they can be caught. Of course, we will see an attempt," Hypponen said.

The WannaCry cyber virus used self-spreading capabilities developed from EternalBlue, an exploit believed to have been leaked from the U.S. National Security Agency (NSA), to infect vulnerable computers, particularly those using older versions of the Windows operating system.

EternalBlue, generally believed to have been developed by the NSA to exploit a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol, was spread on the Internet by the Shadow Brokers hacker group on April 14.

Although Microsoft released a patch for it on March 14, EternalBlue was still used as part of the worldwide WannaCry ransomware attack on May 12.