By Michael Kan
May 16, 2017
The hackers behind WannaCry have already managed to rake in more than $56,000, according to records of the three bitcoin wallets provided for payment. But the inefficiency of the payment model makes Hickey wonder whether the hackers were really after money.
"If it was done for money, it wasn't the smartest way to get it," he said.
For example, the hackers could have lowered the ransom price to $10, making it cheap for anyone to pay. For a malicious program that's infected more than 300,000 machines, even a low ransom could have resulted a huge payoff.
Instead, the hackers asked for large sum, then used a shoddy payment process that made victims wonder whether they would get what they paid for.
"It removes the incentive to send any money to the attacker," Hickey said.
It's still unclear who created WannaCry, whether amateurs or skilled hackers. The fact that there was a "kill switch" in the ransomware, which a researcher was able to activate on Friday, stopping the attack at least temporarily, suggests the coders were sloppy.
But WannaCry does at least one thing well: Flawlessly encrypts all the files on an affected machine. Security sleuths are still studying the ransomware for ways to salvage already infected computers.
"The implementation of the encryption was pretty rock solid," said Symantec's Thakur. "There wasn't any gap to jump in and get the files decrypted."
Security experts also warn WannaCry might strike again through new, updated variants.
To prevent infection, users should install the latest patches to vulnerable Windows systems, such as Windows 8, and run antivirus products, like Windows Defender, which can detect and stop the ransomware.
To check whether your computer is protected against the WannaCry ransomware, you can try a free tool, the WannaCry-Checker, which was developed by our sister publication, PC World Germany. Click here to learn more.