Gary Warner, nationally renowned cybercrime expert and director of research in computer forensics at the University of Alabama at Birmingham says despite public reports of such a high count of infected computers from the WannaCry attack, the normally observable pattern of destruction and payment that follows a ransomware attack is largely missing.
“The pattern of destruction and payment was disrupted by a 22-year-old British researcher,” Warner said. "The high count of infected computers reported is actually the number of computers that were asked to try to reach the formerly non-existent domain. Analysis of the code shows that if that domain was reached, the malware simply terminated itself and offered no further risk to the computer that tried to infect itself. Perhaps these would be better counted as malware attempts rather than malware infections.”
After examining the public Bitcoin addresses used to collect the ransom demanded by WannaCry, Warner found that at the time of this writing, only 231 payments totaling 34.77 Bitcoins had been made. Bitcoin is currently trading at a near all-time high of $1,701 U.S. dollars per BitCoin, which is less than $60,000 total. Warner concludes that if 300,000 computers were actually infected, the Bitcoin totals would be much higher.
“The other interesting thing is that the criminals who steal money via Bitcoin normally immediately begin the process of laundering their Bitcoin by using online services called mixers or by gambling with the money in Bitcoin casinos that also act as mixers,” Warner said. “Bitcoin tracking services, such as Elliptic, a company that helps law enforcement de-anonymize Bitcoin, confirm that they can find no evidence of the Bitcoin received from ransomware victims being spent or cashed out. It is likely that the criminals are too frightened to touch their ill-gotten gains knowing that there has never been closer scrutiny on a Bitcoin Wallet than there is right now.”
Link to Gary Warner's bio.
To secure an interview with Gary Warner, contact Tiffany Westry Womack, public relations specialist, at (205) 807-1751 or email@example.com.
UAB News Studio is available for live or taped interviews with UAB experts: IFB: 205-975-3190
Andrea Reiber, 205-612-7028
Jeff Myers, 205-639-3128
L2 Mono 128 kpbs, 48 khz
Also available via Skype: uabmedia.relations