Mystery as WannaCry accounts are emptied
The more than $140,000 worth of digital currency bitcoin has been sitting untouched for the last three months
It seems the hackers behind the WannaCry ransomware attack are trying to cash in their illicit gains.
The ransom money, equal to more than $140,000 worth of digital currency bitcoin, has been sitting untouched in online accounts for three months. Now, someone has moved the money to other bitcoin accounts.
The funds were moved from the three main accounts tied to WannaCry to nine other bitcoin accounts. The transfers took place late Wednesday and were first noticed by the Twitter bot @actual_ransom, set up by one Keith Collins to monitor the accounts. The funds were withdrawn in seven tranches of between 19,000 and 27,000 USD.
Experts can only speculate why the hackers have decided to move the money at this particular time. Eddie Schwartz, executive vice president of cyber services at DarkMatter, the UAE-based cybersecurity company, speculates the latest developments in the larger Bitcoin market may have something to do with it.
Just two days ago, Bitcoin was split into two, creating volatility in the cryptocurrency market. Depending on the exchange they were using, the hackers may have decided to move the money to better protect their “investment”, said Schwartz.
The WannaCry attack, later linked to the North Korean hacking group Lazarus Group, afflicted hundreds of thousands of computers globally in May, with the hackers demanding victims pay $300 each in ransom using bitcoin to access their data.
Observers commented that the amounts in question are relatively low considering the scale of the attacks.
However, the typical success rate for these types of large-scale attacks is in the 3-6% range, Schwartz observed. “Although there’s no way to calculate, if the hackers perceive that the amount is within that range, then they could conclude the hack was statistically a successful one,” he added.
Bitcoin transactions and accounts are public, but the owners behind them can be, and usually are, anonymous.
Authorities are keenly watching where the money ends up, hoping to catch the hackers when they eventually try to cash the Bitcoin into regular currency.
However, given the inherent anonymity of cryptocurrencies, it may prove very hard to catch the cybercriminals, Schwartz observed. “Secondly, though there are international law enforcement officials involved, such as Europol and Interpol, these agencies are severely limited in their jurisdictional capacities,” Schwartz added.
The press has given a lot of visibility to WannaCry, so the hackers will most likely be more careful than other criminals so they do not attract too much attention, Schwartz said.