WannaCry hackers cash out $143,000 in ransom money
The cybercriminals behind the global WannaCry ransomware attack have finally cashed in the $143,000 -- or 52.2 bitcoins -- paid by some its victims, according to an online bot tracking payments made to WannaCry hackers.
The bitcoin payments made by victims were withdrawn Wednesday night -- with the last withdrawal made at 3:25 a.m. Thursday. All of the online wallets associated with WannaCry are now empty. Only 338 victims paid the $300, but the hackers waited until now to withdraw funds.
Cryptocurrencies like Bitcoin are preferred by hackers as it’s incredibly difficult to trace the payments. It’s likely whoever withdrew the funds will launder the money to ensure the payment can’t be traced.
There’s been no official confirmation as to the identity of the hackers. However, many security experts have made connections to the hacking group Lazarus, which has ties to North Korea.
Tom Robinson co-founder of Elliptic, a London firm that helps law enforcement track down cybercriminals, told CNBC that the bitcoins are likely being converted into a different cryptocurrency: Monero, a privacy-focused cryptocurrency.
Robinson is working with law enforcement to trace the movement of these funds, in hopes to find the owners likely responsible for perpetrating the attack.
WannaCry struck organizations with file-encrypting ransomware around the globe in May, infecting more than 300,000 computers and crippling systems in the U.S., Brazil, Europe, Russia and China. It devastated the U.K National Health System and two large U.S. hospital systems.
The hackers leveraged a Windows SMB vulnerability. Microsoft issued a patch for the specific flaw in a March 2017 update and a secondary patch for outdated systems soon after the attack. The patch prevented system exploits, but not computers already infected with WannaCry.
The virus continued to claim victims after the initial attack, as late as June.