Bitcoin extortionists have been around for a while, and have managed to become a constant threat to the market during the last couple of months. So far, hundreds of extortion attempts have been reported, where hackers infected the computers of individuals and companies, blocked access to their data, and then asked for a certain amount of money to be paid in bitcoin, to regain access to the PCs in question.
However, most of the attacks that took place until now, weren’t handled by the same author, and did not infect too many computers. Until a few days ago, when a new ransomware attack known by the name of WannaCry managed to infect hundreds of thousands of computers from all around the world.
The ransomware, also known by the name of WannaCrypt, Wanna Decryptor and WannaCrypt0r 2.0 reportedly managed to infect 230,000 computers in 99 countries, demanding bitcoin ransom payments in over 28 languages, for users to regain access to their computers and afferent data. The Europol has recently described this attack as unprecedented in terms of its scale, and it’s by far, the most extreme ransomware attack carried out since the internet was born.
So far, reports indicate that the attack infected numerous institutions, and companies from all around the world, such as parts of the British National Health Service, Telefonica, FedEx and more.
In terms of its history, it is believed that WannaCry is based on the EternalBlue exploit, which was initially developed by the U.S. National Security Agency, also known as the NSA, to help attack computers that were running Microsoft Windows as the operating system. To help deal with this issue, and stop more computers from becoming infected, Microsoft has released patches for the recently-released operating systems, but also for the no-longer-supported Windows XP.
The WannaCry ransomware began wreaking havoc from the 12th of May, initially spreading through email attachment, and then through local area networks (LANs). The exploit gains access to the hard drive of infected users, and then encrypts it with a unique key that is held by the hackers. Upon being infected, when turned on, computers would showcase a message stating that the computer in question has been infected, and hence ask for a ransomware to be paid in bitcoin, to any of three bitcoin addresses displayed, to make tracking the source of the ransomware much harder for authorities.
Regardless of this aspect, analysts from all around the world have actively been tracking the amount of funds being received by the three addresses. While the ransomware has infected over 230,000 computers, it seems like the amount of money they managed to gain wasn’t too big. At the moment of writing, the extortionists have managed to get their hands on a total of 14.28 BTC, which is the rough equivalent of $24,781. It remains unclear whether there are more addresses being displayed in other parts of the world, but so far, the extortionists seem to be a bit out of luck in convincing people to pay ransoms in bitcoin.