The cyber criminals behind the far-reaching WannaCry ransomware attack that caused mayhem on a global scale have finally cashed out their ransom payments.
About three months ago, the ransomware attack disrupted hospitals, telecom providers, and many businesses worldwide, infecting hundreds of thousands of computers in more than 150 countries, encrypting files and then charging victims $300-$600 for the unlock keys.
The hack forced the British National Health Service (NHS) to shut down hospitals and doctor’s surgeries, and infected a Spanish telecommunications company and Russian mobile operator, among much more.
Outbreaks of the WannaCry mammoth hack were still being found infecting systems at Honda even a month after the attack. This forced the factory to shut down its production, and 55 speed and traffic cameras in Victoria, Australia.
In total, the hackers behind WannaCry made a whopping $140,000 in Bitcoins from the victims who paid for the decryption keys—but for almost three months, they did not touch three of their wallets where victims were instructed to send ransom payments.
Just this week however, the hackers began cashing out their cryptocurrencies on Wednesday night.
According to a Twitter bot tracking WannaCry ransom payments, only 338 victims paid the $300 in Bitcoin that totalled $140,000.
On Wednesday night, this money was withdrawn in 7 different payments within 15 minutes, although it is not clear where the money is being sent, or how the attacker will use it.
Meanwhile, last week, German authorities arrested an alleged operator of the popular BTC-e Bitcoin exchange on charges of laundering over $4 billion in Bitcoin for culprits involved in hacking attacks, tax fraud and drug trafficking without identifying them.
The identity behind the WannaCry ransomware remains unknown, though some researchers traced the hack back to a state-sponsored hacking group called Lazarus in North Korea, while others believed the perpetrators might be Chinese.
The WannaCry epidemic was using self-spreading scripts by leveraging the leaked NSA exploit “EternalBlue”, using it to infect vulnerable Windows computers, particularly those running older versions of the operating system.
While most of the affected organisations have now returned to normal, law enforcement agencies across the world are still on the hunt.