Victims paid WannaCry ransom hackers less than $70k, no data recovered – White House
During Monday’s press briefing, Tom Bossert, assistant to the president for homeland security and counterterrorism, told reporters that the number of computers infected with the ransomware has reached more than 300,000.
“The ransomware has disrupted telecommunications companies, hospitals, and other organizations,” Bossert said. “The UK National Health Care Service announced 48 of its organizations were affected, and that resulted in inaccessible computers and telephone service, but an extremely minimal effect on disruption to patient care.”
Bossert said the infection rate slowed down over the weekend, adding that none of the US federal government’s computer systems were infected by the cyberattack.
Additionally, Bossert told reporters that the ransomware was not developed by government or stolen from the National Security Agency (NSA). He referred to the ransomware as “a tool developed by culpable parties, potentially criminals of foreign nation states.”
Bossert said that less than $70,000 was paid to the ransom hackers and that he was “not aware of payments that led to any data recovery.”
According to Elliptic, a London-based start-up that helps law enforcement agencies track criminals using the cryptocurrency, the three Bitcoin wallets known to be associated with the WannaCry ransomware have received less than $60,000 in payments since the cyberattack was released Friday.
OH: “Installing a WannaCry screenshot as a coworker’s screensaver.” Very evil. Very evil indeed. pic.twitter.com/RJV1MQPY0r— John Wilander (@johnwilander) May 15, 2017
One of the main reasons payments have come in so slowly is that many users have never heard of Bitcoin and most users are confused how to exchange regular currency for the digital cryptocurrency.
"If a business is told it needs to pay this amount of Bitcoin, most companies will be asking what Bitcoin is … it's not straightforward," James Smith, CEO of Elliptic, told CNBC.
The hackers initially demanded $300 to decrypt users’ data, then gave users 72 hours to pay until the fine was doubled to $600. Since the ransomware was released Friday, many users had their ransom doubled sometime Monday.
The ransom note indicates that if no payments have been made after seven days, the user would lose all their files.
"We have seen the number of payments start to go up today," Smith said. "We think over the course of today as we approach the first deadline, where fines double, we will see a bigger increase (in Bitcoin payments)."
Bossert advised all Windows users to turn on automatic updates and patch their systems immediately if they have not done so at this point, adding that “the only computers that can be compromised by the WannaCry or WannaCrypt virus are ones that do not have the latest security patches available from Microsoft.”
“If you follow the mitigation advice published by DHS, the FBI and Microsoft, and have patched your systems, you are protected against all these variance,” Bossert said. “Our business and government have responded with upgrades and patches, defensive mitigations, and this has dramatically reduced the vulnerable population over the last three days. But this needs to continue to be our focus.”