Technology

ANALYSIS
Save
Print

Perpetrators of global cyber attack have earned only $35k, despite causing massive damage

Up Next

Nine charged over $165m ATO fraud

null
Video duration
02:53

More National News Videos

How to protect yourself from WannaCrypt

WannaCrypt ransomeware has infected hundreds of thousands of computers worldwide, don't let yours become one of them.

As thousands of organisations work to contain and clean up the mess from the devastating WannaCrypt (or WanaCry) ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into WannaCrypt, it appears the perpetrators of what's being called the worst ransomware outbreak ever have made little more than $US26,000 ($35,220) so far from the scam.

The WannaCrypt ransomware became a global epidemic virtually overnight last week, after criminals started distributing copies of the malware with the help of a security vulnerability in Windows computers that Microsoft patched in March 2017. Infected computers have all their documents and other important user files scrambled with strong encryption, and victims without access to good backups of that data have two choices: Kiss the data goodbye, or pay the ransom — the equivalent of approximately USD $300 ($406) worth of the virtual currency Bitcoin.

According to a detailed writeup on the WannaCrypt ransomware published over the weekend by security firm Redsocks, WannaCrypt contains three bitcoin payment addresses that are hard-coded into the malware. One of the nice things about Bitcoin is that anyone can view all of the historic transactions tied to a given Bitcoin payment address. As a result, it's possible to tell how much the criminals at the helm of this crimeware spree have made so far and how many victims have paid the ransom.

A review of the three payment addresses hardcoded into the WannaCrypt ransomware strain indicates that as of Sunday these accounts had received 100 payments totaling slightly more than 15 Bitcoins — or approximately $US26,148 at the current Bitcoin-to-dollars exchange rate.

It is possible that the crooks responsible for this attack maintained other Bitcoin addresses that were used to receive payments in connection with this attack, but there is currently no evidence of that. It's worth noting that the ransom note WannaCrypt popped up on victim screens (see screenshot above) included a "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters.

Advertisement

In many ways $US26,000 is a great deal of money, but it's sad to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. It's particularly galling because this attack potentially endangered the lives of many. At least 16 hospitals in the United Kingdom were diverting patients and rescheduling procedures thanks to the WannaCrypt outbreak, meaning the attack may well have hurt people physically (no deaths have been reported so far).

Unfortunately, this glaring disparity is par for the course with cybercrime in general.

In fact, very few of these malware writers and pharmacy pill spammers make much money at all, and yet they are responsible for perpetuating a global crime machine that inflicts enormous damage on businesses and consumers. As Stefan Savage, a computer science professor at the University of California, San Diego (UCSD), once told me:

"These guys running the pharma programs are not Donald Trumps, yet their activity is going to have real and substantial financial impact on the day-to-day lives of tens of millions of people. In other words, for these guys to make modest riches, we need a multibillion-dollar industry to deal with them."

KrebsOnSecurity