Thursday, August 3, 2017

Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets

The cyber criminals behind the global WannaCry ransomware attack that caused chaos worldwide have finally cashed out their ransom payments.

Nearly three months ago, the WannaCry ransomware shut down hospitals, telecom providers, and many businesses worldwide, infecting hundreds of thousands of computers in more than 150 countries, encrypting files and then charging victims $300-$600 for the keys.

WannaCry was really bad, as the nasty ransomware forced the British NHS (National Health Service) to shut down hospitals and doctors' surgeries, and infected a Spanish telecommunications company and a Russian mobile operator, among many others.

Even a month after the outbreak, the WannaCry ransomware was found infecting systems at Honda Motor Company, forcing the factory to shut down its production, as well as 55 speed and traffic light cameras in Victoria, Australia.

Overall, the hackers behind WannaCry made $140,000 in Bitcoins from the victims who paid for the decryption keys, but for almost three months, they did not touch three of their wallets where victims were instructed to send ransom payments.



However, the WannaCry hackers started cashing out their cryptocurrencies on Wednesday night.

According to a Twitter bot tracking WannaCry ransom payments, only 338 victims paid the $300 in Bitcoin that totalled $140,000.

On Wednesday night, this money was withdrawn in 7 different payments within 15 minutes, although it is not clear where the money is being sent, or how the attacker will use it.

If you are unaware, we recently reported on Google's research into how cyber criminals and ransomware hackers cash out their stolen or looted cryptocurrencies via cryptocurrency exchanges that are involved in money laundering.

Last week, even German authorities arrested an alleged operator of the popular BTC-e Bitcoin exchange on charges of laundering over $4 billion in Bitcoin for culprits involved in hacking attacks, tax fraud and drug trafficking without identifying them.

The identity behind the WannaCry ransomware is still unknown, though some researchers traced WannaCry back to a state-sponsored hacking group called Lazarus in North Korea, while others believed the perpetrators might be Chinese.

The WannaCry epidemic used self-spreading capabilities, leveraging the NSA's leaked SMBv1 exploit, called EternalBlue, to infect vulnerable Windows computers, particularly those using older versions of the operating system.

While most of the affected organisations have now returned to normal, law enforcement agencies across the world are still on the hunt.



from The Hacker News http://ift.tt/2vsMnAD
