WannaCry ransomware deadline passes, but few pay up

Despite the chaos caused by the recent ransomware attack, the criminals behind it have netted a relatively small amount of cash.
Written by Danny Palmer, Senior Writer

As the WannaCry ransomware worm wreaked havoc across the globe last week, claiming hundreds of thousands of victims in 150 countries, it issued victims with a simple demand: pay up or lose access to your data.

Those organisations which became infected were met with a ransom demand for $300 in Bitcoin to be sent to the attackers. If that payment wasn't made within three days, the extortion demand rose to $600 -- and those who left it a week were threatened with their files being deleted forever.

But while WannaCry hit over 300,000 organisations around the world -- including European car manufacturers, the UK's National Health Service, and government institutions in Russia and China -- and heavily impacted productivity, only a tiny percentage of victims have given in to the demands of hackers.

Perhaps this is thanks in part to decryption tools which quickly became available for recovering data.

According to a bot watching the Bitcoin wallets tied to the ransomware attack, just 296 payments had been made as of Monday 22nd May, netting the perpetrators 48.86 Bitcoins -- a figure worth approximately $104,436. This means under 0.1 percent of victims paid up.

Considering the amount of chaos WannaCry caused -- and the high-profile nature of a truly global campaign -- a return of $100,000 is relatively low.

The WannaCry booty doesn't come close to the likes of Locky and Cerber, which played a major role in netting cybercriminals $1bn in ransomware fees during the last year.

Law enforcement agencies and cybersecurity researchers around the world are now on the hunt for those behind the WannaCry attack. Some experts have suggested it has links to North Korea, although nothing is certain about who carried out the attacks at this time.

What is confirmed, however, is that the attacks have been so widespread because they exploit a known software flaw dubbed EternalBlue.

This Windows flaw is one of a number of zero-day vulnerabilities known to the NSA, before it was leaked to the public by the Shadow Brokers hacking collective.

In the week since the initial WannaCry outbreak, new variants of the ransomware have been discovered in the wild, but they've yet to pose the same threat as the first wave of attacks.
