The hackers behind the devastating WannCry ransomware attack that wrecked havoc in dozens of countries are moving their cash.
In May, the malware began spreading, causing chaos at hospitals, logistics firms, and businesses in more than 150 countries around the world. It encrypted victims’ data and demanded a bounty paid in digital currency Bitcoin to unlock them, and was halted when a British researcher accidentally activated its “kill switch.”
The British NHS (National Health Service), Spanish telecoms firm Telefonica, Nissan, and FedEx were among the organisations affected. British investigators have since blamed the attack on a North Korean-affiliated hacking group, “Lazarus Group,” which was also linked to the 2014 hack of Sony Pictures.
The hackers made $US140,000 (£105,000) from the attack in bounties — but for more than two months, they didn’t touch it. (Bitcoin records all transactions on a public ledger, meaning anyone can see how much is in a given “wallet” or whether it has been spent if you know the correct “address.”)
Late on Wednesday/early on Thursday, however, the ill-gotten funds finally began to be transferred. The moves were first highlighted by a Twitter bot built by Quartz reporter Keith Collins.
In seven payments spaced across 15 minutes, the money was withdrawn. It’s not clear where it is being sent, or how it will be used.