Hackers behind Wanna Cry have made only $60,500 so far.
Malware first struck on Friday.
Meanwhile, a possible North Korea link to the cyber attack has emerged.
Since Friday, more than three lakh computers in over 150 countries, including India, have been in the grip of Wanna Cry (or WannaCry), a ransomware that encrypts all data on a system and demands payment in return for restoring access.
However, for a cyber attack that is being termed as the largest of its kind in history, Wanna Cry has failed to raise the amount of money that one would imagine. A full three days after the malware first struck, the hackers behind the ransomware have made just $60,512.82, or a little less than Rs 39 lakh.
Wanna Cry demands that users pay between $300 (around Rs 19,000) and $600 (around Rs 39,000) in bitcoin in exchange for getting their data decrypted.
Bitcoin is a cryptocurrency that uses a blockchain protocol, which supposedly allows users to remain completely anonymous while making or receiving payments. However, all bitcoin transactions are publicly accessible – the only aspect hidden is the identity of the person making a payment or the person receiving bitcoin.
European cyber security firm Redsocks, in its Wanna Cry analysis, found that the hackers behind the ransomware were using three bitcoin wallets.
A look at the wallets’ transaction history (which is publicly accessible) shows that those behind the Wanna Cry ransomware have received only 232 payments so far. In total, Wanna Cry has made $60,513 or Rs 38,75,543.
At the time of writing this report on Tuesday morning, one wallet had seen 86 transactions worth $22,725.81, another had 78 transactions worth $22,006.60, while the third saw 68 payments worth $15,780.41.
The reasons for the low payments can only be speculated. Interestingly, in the message that Wanna Cry shows users after infecting their computers, the malware warns that the ransom amount, if left unpaid, would be doubled after three days and that the data on the systems would be completely lost after a week.
This means that several computer systems that were targeted in the first wave of attack on Friday have already seen their first deadline lapse. It is possible that more people might pay up as the deadline for losing their files nears or that there are more bitcoin wallets associated with Wanna Cry that are yet to be found.
Meanwhile, according to a Reuters report, some cyber security experts believe that the motive behind the Wanna Cry ransomware attack was not to make money, but simply to cause disruption, a la ‘some people just want to watch the world burn’.
“I believe that this was spread for the purpose of causing as much damage as possible,” Matthew Hickey, a co-founder of British cyber consulting firm Hacker House, told Reuters.
Russia, Taiwan, Ukraine and India were among the countries worst affected in the Wanna Cry cyber attack, multiple cyber security firms and researchers have said.
There were reports that several ATMs across the country have been instructed to remain shut until they can be updated with the relevant Microsoft Windows security patches. The Reserve Bank of India, however, denied those reports.
“Kerala and Andhra Pradesh have been affected partly,” Union Information Technology Minister Ravi Shankar Prasad said, adding that overall, India hasn’t been affected much.
The Indian Computer Emergency Response Team said it received formal reports of just five “incidents” across locations like Delhi and Tamil Nadu, according to news agency PTI.
“It is nothing major, but we are still watching. The next couple of days, we will be on alert on this,” CERT-In director general Sanjay Bahl told PTI.
Auto maker Nissan, whose systems came under attack globally, said the Renault-Nissan alliance plant in Chennai was initially affected, but said there was no major impact on business.
There are, however, fears that Wanna Cry’s true impact in the country could go underreported due to companies’ reliance on unsupported or pirated versions of Microsoft Windows.
Meanwhile, in a development early Tuesday morning, anti-virus provider Kaspersky said it had found what appeared to be proof of possible links between Wanna Cry and Lazarus, a hacker collective widely believed to be run by the North Korean establishment.
Kaspersky said the code of an early version of Wanna Cry shared similarities with code previously used by Lazarus. While the cyber security firm said that more investigation was required, the discovery, first made by a Google researcher named Neel Mehta, is the “most significant clue to date regarding the origins of Wannacry.”