WannaCry Ransomware: New twist as hackers withdraw over £100,000 from bitcoin wallets

In May 2017, the NHS suffered a widespread and crippling cyberattack that put important data at risk – the WannaCry ransomware attack. Our guide reveals all you need to know about ‘WanaCrypt0r 2.0’, the ransomware software behind the breach, as well as featuring all the latest news. 

WannaCry Ransomware: Latest news

In a fresh development first reported on Thursday August 3, it now seems that all bitcoin wallets related to the WannaCry hack have been emptied.

The total sum believed to be involved in the withdrawal is over £100,000 (~$137,000) and was originally paid by victims of the attack to the hackers involved.

Quartz journalist Keith Collins shared the news on social media, having discovered the bitcoin exodus via a Twitter bot he set up to monitor wallets related to the WannaCry ransomware.

Victims of the WannaCry attack, which took place in May and affected a number of global businesses as well as the NHS, were told to pay up to $600 (~£455) to regain access to their computers.

It’s understood that WannaCry ransom-related funds first started to vanish from wallets in late July, but the withdrawal noted by Collins marks the hackers’ boldest move since executing the attack.

Read on for a complete guide to ransomware and the WannaCry hack that affected the NHS earlier this year.

What is ransomware?

The first thing you need to know about WanaCrypt0r 2.0 (also known as WannaCry, Wcry, or Wanna Decryptor) is that it’s a type of malicious software called ransomware.

The name comes from the term ‘ransom’, which means to demand payment for a third party’s belongings that you’ve seized.

Once ransomware ends up on your computer system, it will encrypt your data so you can no longer access it. The software will then demand money in exchange for decrypting your data.

Ransomware generally only demands a few hundred pounds or dollars. That’s because if the amount were too high, people would be unwilling to pay. Instead, hackers make their money from bulk payments, rather than individual wins.

It’s also worth noting that payment is often requested in Bitcoin, a virtual currency that’s much harder to trace than more conventional transactions.

What is WannaCry (aka Wcry or Wanna Decryptor)?

WannaCry is just one example of ransomware, and can be bought online in secret black market forums.

The software has gained notoriety recently on account of it making its way into the systems of both Telefónica in Spain and the NHS in the UK.

It’s important to point out, however, that the NHS wasn’t necessarily specifically targeted. Hackers tend to create scripts that will try and push ransomware onto as many machines as possible, and the NHS was almost certainly just an unfortunate victim.

The NHS attack actually started in Lancashire, and then spread throughout systems at various NHS Trusts.

Part of the reason why the NHS is particularly vulnerable is that many NHS Trusts use outdated versions of Windows, as far back as Windows XP. Without recent security patches, it’s impossible for a system to stay truly safe from hackers.

How to stay safe from ransomware

Once ransomware gets onto your system, there’s very little you can do. So our best advice is simply to try to stay safe from it in the first place.

The most powerful protection you have from ransomware is backing up your systems. That way, even if your machine does become encrypted by ransomware, you can restore the system using a backup that’s stored somewhere else.

Don’t forget that ransomware often targets users through phishing, too.

Phishing is a type of online scam that involves tricking users into handing over information or downloading malicious files. An example of a phishing scam would be an e-mail made to look like it’s from your bank, where any information you enter into a linked web page actually gets sent to hackers.

In WannaCry’s case, the malicious file would have been downloaded through a seemingly normal e-mail. That’s why it’s important to always be wary of links you click and attachments you open in e-mails. If the sender doesn’t appear trusted, don’t open or click anything.

Should you ever pay a ransomware ransom?

With ransoms of all kinds, the general advice is to not pay the ransom. By paying the ransom, you’re promoting the use of ransomware as an effective means of extorting money.

That said, some people do pay the cash just to retrieve important files. Note, however, that not all ransomware will decrypt your files; some will simply take the money and leave you stuck.

Again, the best advice is to ensure you have all of your files backed up. By doing so, there’s no risk from ransomware as you’ll always be able to restore your data.

There are some legitimate programs that can attempt to decrypt your systems too, but these won’t always work – especially if the encryption method is very complex.

It’s also worth letting the authorities know you’ve been hacked. Ransomware scams are often massive global operations, so it’s important for the police and security services to have a good idea of how a scam is operating in order to better trace e-mails and money to the culprits.