WannaCry Attackers Are Moving Their Bitcoin Loot


If you were one of the unlucky people affected by the WannaCry ransomware back in May, you probably did one of two things: you either made a payment of $300 in Bitcoins or you had to completely wipe your hard drive and install everything again from scratch. Neither option was a happy one.


With systems in an estimated 150 countries affected, the victims' payments have indeed found their way into the hackers’ Bitcoin wallets. After just two and a half months, it appears that the three Bitcoin wallets that held the payments from these victims were suddenly emptied yesterday.

What was the big deal with WannaCry?

If you still don’t know what WannaCry is, it was possibly the biggest ransomware attack ever. It encrypted the files on infected computers, rendering them useless, and demanded that victims make a Bitcoin payment to the hackers’ wallets in order to receive a decryption key. Those who were infected were caught between the grim choice of making the payment or fully wiping their systems and starting over from scratch. The problem arose when people discovered that the hackers weren’t actually decrypting the files but rather just taking the money. Soon enough, people stopped paying up. That being said, by the time enough people realized it, the hackers had amassed around 52 Bitcoins, which is roughly equivalent to USD $145,000 at current Bitcoin rates.

Keeping it low-key

In order for the attackers to spend the money and also not be traced at the same time, they had to figure out a method of moving the money carefully. This began on the 2nd of August 2017. See, the thing about Bitcoin is, while you don’t exactly know who owns it, anyone can see where it goes. This obviously means that there were people around the world keeping a sharp eye out on the dealings of Bitcoins, especially with regard to the WannaCry attack.


As such, the Bitcoins amassed from WannaCry were sent to three separate wallets. From here they were sent to more wallets and so on and so forth. Furthermore, the three WannaCry wallets too were broken down in a similar fashion. Some of the Bitcoins also made their way to ShapeShift, which is a cryptocurrency exchange. Since digital currencies such as Monero focus more on privacy, it would make sense for the hackers to swap the Bitcoins for another form of digital currency. Attempting to do this triggered an alert for ShapeShift.

In a statement made by the company, they explained that the WannaCry attacker indeed breached the terms of service and used said service to move a portion of the Bitcoins. As such, the company has taken the necessary action to blacklist all addresses associated with the WannaCry attackers that are known to the ShapeShift team.
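The tracing and blacklisting described above can be sketched as follows. This is an added example, not code from the article or from ShapeShift: it replays a small constructed ledger, carries "taint" forward from the three watched wallets in proportion to the value moved, and flags exchange deposits that carry too much of it. The addresses, amounts, 10% threshold and the simplified address-balance model (no fees, no individual coins) are all assumptions made for illustration.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample data: placeholder addresses and BTC amounts, not real chain data.
SEEDS = {"ransom_1": 20, "ransom_2": 17, "ransom_3": 15}   # the three watched wallets
CLEAN = {"clean_x": 3, "clean_y": 5}                        # unrelated funds
LEDGER = [  # (inputs, outputs) in chronological order; fees ignored
    ([("ransom_1", 20)], [("hop_a", 12), ("hop_b", 8)]),
    ([("ransom_2", 17), ("clean_x", 3)], [("hop_c", 20)]),  # mixed with clean coins
    ([("hop_a", 12)], [("exchange_dep_1", 12)]),
    ([("hop_c", 10)], [("exchange_dep_2", 10)]),
    ([("clean_y", 5)], [("exchange_dep_3", 5)]),
]

def trace(ledger, seeds, clean):
    """Replay the ledger, carrying taint forward in proportion to value moved."""
    balance, taint = defaultdict(Fraction), defaultdict(Fraction)
    for addr, amt in seeds.items():
        balance[addr] += amt
        taint[addr] += amt
    for addr, amt in clean.items():
        balance[addr] += amt
    for inputs, outputs in ledger:
        total_in = tainted_in = Fraction(0)
        for addr, amt in inputs:
            if amt <= 0 or amt > balance[addr]:
                raise ValueError(f"invalid spend of {amt} from {addr}")
            share = amt * taint[addr] / balance[addr]  # tainted part of this spend
            taint[addr] -= share
            balance[addr] -= amt
            total_in += amt
            tainted_in += share
        ratio = tainted_in / total_in if total_in else Fraction(0)
        for addr, amt in outputs:
            balance[addr] += amt
            taint[addr] += amt * ratio
    return balance, taint

def tainted_fraction(addr, balance, taint):
    held = balance.get(addr, 0)
    return taint.get(addr, Fraction(0)) / held if held else Fraction(0)

def flag_deposits(deposits, balance, taint, threshold=Fraction(1, 10)):
    """Return deposit addresses whose tainted share meets the (assumed) threshold."""
    return [d for d in deposits if tainted_fraction(d, balance, taint) >= threshold]

if __name__ == "__main__":
    bal, tnt = trace(LEDGER, SEEDS, CLEAN)
    for dep in ("exchange_dep_1", "exchange_dep_2", "exchange_dep_3"):
        print(dep, float(tainted_fraction(dep, bal, tnt)))
```

Mixing ransom coins with clean ones lowers the tainted share of a deposit but does not erase it, which is why a threshold rather than an exact address match is used here.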

Where they go, others will surely follow

While this may not seem like a big deal to those who were not affected, it is a big deal for those affected and indeed anyone with ulterior motives. To date, WannaCry is one of the biggest cases of ransomware in history and it stands to reason that other attackers and/or hackers will surely want to follow in their footsteps as well. As such, they too will ask for payments in cryptocurrency. The fate of the future followers of the WannaCry ransomware rests in what happens to this money, and also whether or not the attackers/hackers get away with it. Depending on the result, it will either be an encouragement or a warning.

Were you affected by the WannaCry Ransomware? What are your thoughts on this? Leave a comment below.

