Is infecting more than 300,000 computers around the world with a ransomware virus a good way to make a fortune? It sure doesn’t look like it.
The WannaCry cyberattack that’s making headlines this week has squeezed around $80,000 from its victims so far, barely enough to put down a deposit on an apartment in cheaper parts of London. But it’s seized the attention of powerful governments around the globe.
What’s more, the hackers’ decision to use the digital currency bitcoin to collect the ransom money is likely to make it tough for them to withdraw their ill-gotten gains without being caught.
The malware instructed victims to pay $300 in bitcoin in order to regain control of the data it had seized, threatening to increase the sum demanded every three days.
Following the money
At first glance, using bitcoin to gather the money could make sense: cybercriminals can set up accounts in the virtual currency anonymously. But anyone can see the accounts online and also view a record of transactions.
That makes spending the bitcoins or cashing out of them into another currency without getting caught a tricky task, especially when you’ve already attracted widespread global attention.
“I have the feeling we will soon see … how difficult it is to launder [bitcoin],” Facebook Chief Security Officer Alex Stamos tweeted over the weekend, suggesting law enforcement and intelligence agencies could cooperate in tracking what happens to the money.
They may have their work cut out: the global bitcoin market sees roughly 250,000 transactions a day. And criminals can use murky online markets to try to cover their tracks, said Leonhard Weese, who advises startups on cryptocurrencies like bitcoin.
The WannaCry hackers are likely to have plenty of cyber sleuths on their trail, though. U.K. startup Elliptic has made a business out of helping law enforcement agencies trace shady money through the bitcoin realm to track down people or groups in the real world.
Elliptic is already monitoring the funds in the three bitcoin accounts linked to the WannaCry cyberattack.
Other decisions by the hackers also look puzzling, especially if their goal was to profit from the attack.
Asking computer owners who use outdated versions of Microsoft Windows to pay a ransom in an obscure digital currency is an optimistic request at best — and it’s one of the likely reasons why the amount paid is so low compared with the number of victims.
“One or two people I know have joked to me that even if they did get hit, they wouldn’t know how to get a bitcoin to pay them with,” said Michael Gazeley, managing director of Hong Kong-based cybersecurity provider Network Box.
Police have told victims not to pay the WannaCry ransom, warning that handing over the money doesn’t guarantee that they’ll get everything back.
There have been more sophisticated and successful instances of cybertheft in the past. Cryptowall, a similar type of malware that spread through businesses around the world in 2015, is estimated to have made its creators $325 million.
Was it a political move?
All of this raises the question: Was WannaCry really about the money?
Patrick Coughlin, COO of cybersecurity firm TruSTAR, asked in a blog post Tuesday whether the hackers cared about financial returns at all or were motivated instead by a political agenda.
“The answer is probably somewhere in the murky middle,” he wrote.
“No matter what you think about the motives behind this particular attack — there will be more to come,” Coughlin warned. “And the next wave will learn from the impact we’ve seen (and not seen) here.”