For a ransomware that affected over 300,000 PCs worldwide, the attackers behind WannaCrypt may not be very happy with themselves right now. The malware came with a $300 (in Bitcoin) ransom, which was increased to $600 on Tuesday, and yet the attackers seem to have raised only about $77,618 (over Rs. 49 lakh) right now. While that’s no small sum, it’s well below what some experts estimated the attackers would make. Potential earnings for the hackers have been estimated at tens of millions of dollars.
A Twitter user going by @m0rb, has setup a website tracking the three bitcoin wallets that are being used for accepting payments right now. @m0rb tells us that he’s tracking the wallets on the new version of the ransomware, so it’s possible some more bitcoins slipped through earlier. At the time of writing this story, the website tracks 43.09723588 bitcoins transacted on these wallets, which amounts to $77,144.04, at a market price of $1790 per bitcoin.
@m0rb explained that he/she is tracking the wallets using a blockchain.info api. “I'm using the https://blockchain.info api; parsing the json and filtering out elements with a perl script that generates the html, svg graphs, and tweet,” the researcher said.
The website is linked above, but you can track the final amounts through periodic tweets the user has set up on his/her account as well.
It’s worth noting that @m0rb’s tracker tracks only the current version of the malware. The researcher found two other wallets, linked below, that have allegedly been used to receive payments (on earlier versions of WannaCrypt) as well. Although transactions on both of these wallets amount to a below $8000 right now. We’re trying to verify the authenticity of these wallets at the moment. For reference, a killswitch was found on the first version of WannaCrypt, which halted progress temporarily.