On May 12th Ransomware swept the globe attacking over 300,000 computers, encrypting files and holding them for ransom. The longer someone took to pay the ransom to decrypt a file the ransom would increase. WannaCry abducted files for hospitals, causing emergency rooms to turn away patients, cellphone operators, personal computers, and many businesses causing a mass disruption.
WannaCry made about $140,000 from the attack which was being held in a bitcoin account. The account was obviously under close observation by law enforcement agencies, and around 11:00pm Wednesday August 2nd the money began to move.
At 11:10pm three separate transactions were made in the amounts of $20,055.52, $23,856.48, and $26,434.83, totaling about half of what the account held.
At 11:15pm, three more withdrawals were made; $19,318.06, $27,514.04, and $24,698.95. Finally, around 11:25pm, the rest of the account was drained, with a withdrawal of $26,508.37.
Agencies watching the WannaCry hackers and attacks came to a general consensus that it was an operation out of North Korea, and it’s a politically motivated attack.