WannaCry attackers are messaging victims encouraging them to pay up

By Prasid Banerjee | Updated 22 May 2017
WannaCry attackers are messaging victims encouraging them to pay up
  • A pop-up message tells WannaCry victims that the attackers have been sending decryption keys to users who sent the right amounts to their bitcoin wallets.

The attackers behind the WannaCry ransomware seem to be sending victims a message, encouraging them to pay up. According to reports, many victims have received a pop-up message that indicates there’s only one hacker behind the operation and that he/she is willing to return users control of their files. The message reads:



I have already sent decryption keys to many customers who had sent me the correct amounts of bitcoin, and I guarantee the decryptions for such honest customers. “Send me a message with your unique bitcoin wallet address an hour before your payment. “Then you will receive the decryption key more quickly.

While this is obviously no confirmation of there being only one hacker, it shouldn’t be a reason to pay up either. It’s unclear whether the hackers are actually returning control of the encrypted files.

A website set up by security researcher @m0rb (Twitter handle), shows that there have been a total of 307 transactions on the three bitcoin wallets used by the ransomware for payments. The number seems to have grown by less than 30 more transactions since April 17, when we last reported about the tracker. In turn, the total amount has risen from around $77,000 to around $90,000 at the time this story was written.


It’s possible that the ransomware was pre-programmed to show this new pop-up message at a particular time, although security researchers say it could be that the hackers are actually sending the message right now. Either way, you shouldn’t be paying.

Prasid Banerjee
Trying to explain technology to my parents. Failing miserably.

Recent Questions

What are the Top messaging apps for android?
Aug 27, 2014
Responses 2
Digit Test Labs
Aug 28, 2014
Ravi Arvind Rathod
Aug 28, 2014
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment