Skip to main content

WannaCry ransomware bitcoins on the move

(Image credit: Image Credit: Julia Tsokur / Shutterstock)

The cybercriminals behind the WannaCry ransomware attacks appear to have decided to cash out on their crimes and have removed over $140,000 worth of bitcoins from their online wallets. 

The WannaCry attacks occurred almost three months ago during which time organisations worldwide were affected by the ransomware, including the NHS which experienced disruptions for several days as a result of the attack. 

A Twitter bot set up by Quartz journalist Keith Collins was alerted to the fact that the attackers had removed the remaining bitcoins stored in their online wallets. Currently the balance of all of the wallets associated with the WannaCry attacks is now at zero. 

In May, when the attacks first took place, cyber security experts and law enforcement agencies across the globe urged victims to not pay the ransom as it would likely not result in their files be restored and would only encourage other cybercriminals to follow suit.  However, the attackers' bitcoin wallets tell a different story and many individuals and even some businesses did in fact pay the ransom. 

This is the second time the attackers behind Wannacry have transferred funds from their wallets.  In July, the bitcoin-monitoring company Elliptic noticed that the attackers had begun to empty their wallets. 

It is expected that the WannaCry bitcoins removed from the wallets will likely be put through a 'mixer' and will be transferred as part of a larger series of payments to make them harder to trace.  This will help throw off law enforcement and make it much more difficult to determine who was really behind the WannaCry ransomware. 

Want to know more about ransomware? Read our guide here.

Image Credit: Julia Tsokur / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.