Ransomware Tally Estimated at $70k USD

Crime, News | May 17, 2017 By:

The WannaCry ransom tally is up to approximately $70,000 USD, according to tracking on three known e-wallets accepting the bitcoins that will decrypt crucial business files.

A page has been set up to track the receivables from the ransomware, which affected an estimated 200,000 computers worldwide since it first appeared last week. So far, none of the coins have been claimed. The potential take is estimated at a billion dollars if every ransom were paid.

Reports have surfaced that security experts have identified code in the so-called “WannaCry” virus that matches that previously used by North Korean hackers. Kaspersky lab researcher Kurt Baumgartner told Reuters that the code “is the best clue we have seen to date as to the origins of WannaCry.” ¬†However, definitive proof may be elusive, if not impossible, to obtain.

The North Koreans are prolific hackers that have been accused¬†in a number of prominent past hacks. Sanctions on the country’s hard currency and imports have led to a rise in novel ways to generate income.

The WannaCry attack began last week, inflecting computers in the US, China, Russia and UK, among other countries. Hospitals, universities, private businesses and government institutions reported attacks, which requested $300 in bitcoins to de-crypt files. The ransom request doubled if not met within 72 hours, and then files were pemanently locked after seven days.

Hackers apparently are exploiting a Windows vulnerability using tools obtained from another hacker group called The Shadow Brokers. The Shadow Brokers claim to possess hacking tools stolen from the US National Security Agency (NSA). Microsoft issued a security patch for the alleged vulnerability in March, but not every system may have installed the upgrade.

Jakub Kroustek, Threat Lab Team Lead at cyber-security firm Avast, blamed the WanaCryptor 2.0 for the ransomware.

Kroustek also said the machines being targeted have either not been updated to include a patch or are PCs running Windows XP, which are not supported anymore. “Avast detects all known versions of WanaCrypt0r 2.0, but we strongly recommend all Windows users fully update their system with the latest available patch