WannaCry ransom on the move

Bitcoins withdrawn from wallets linked to ransomware

Money paid by victims of the WannaCry/WannaCrypt ransomware in an effort to regain access to their files appears to be on the move, with the equivalent of tens of thousands of dollars of bitcoin being shifted into new digital wallets.

The ‘actual ransom’ Twitter bot established by Quartz’s Keith Collins has been monitoring the bitcoin addresses that victims of WannaCry were instructed to pay their ransom to and revealed the cryptocurrency being shifted.

The three WannaCry wallets reached a total of 52.19666422 bitcoins (about US$141000) earlier today, the bot revealed. Some 338 payments had been made to the wallets. WannaCry demanded up to US$600 worth of bitcoin as ransom from its victims.

Just after 1pm AEST, the process of emptying out the wallets began. The balance of the three wallets is now 0BTC, with the bitcoins shifted into nine new wallets.

WannaCry hit networks worldwide in May, claiming hundreds of thousands of victims.

In Australia, one noteworthy victim was Victoria’s Fixed Digital Road Safety Camera (FDRSC). Australian businesses were also hit by the ransomware outbreak.

The ransomware employed a Microsoft Windows SMB Server exploit dubbed EternalBlue that was included in the ‘Shadow Brokers’ dump of US National Security Agency hacking tools.

Last month the Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, cited the WannaCry and Petya as examples of the impact that malware can have on nations in the region.

“The recent WannaCry and Petya ransomware attacks have shown how simple profit-seeking malware can shut down a nation’s critical systems or services,” Tehan told the RSA Asia-Pacific & Japan Conference.

Join the newsletter!

Error: Please check your email address.

Tags securityWannaCryWannaCryptransomwaremalwarecyber securityBitcoin

More about AustraliaMicrosoftNational Security AgencyRSATwitter

Show Comments

Market Place