A major ransomware attack affected more than 200,000 computers in 150 countries across the globe over the weekend. Targeting computers running the Microsoft Windows operating system, the malware encrypted users’ files and demanded payment in bitcoin equivalent to about $300 within 72 hours to regain access.
If users didn’t pay, the ransom would rise. After a week, files were locked for good. While WannaCry may have made individuals and organizations do just that, it turns out that, after crying, not very many of them have actually paid up. And deadlines are starting to pass.
Data from Elliptic Enterprises, a London-based company that tracks illegal bitcoin use found that, as of early Monday afternoon, the total amount of ransom paid out to the three bitcoin wallet addresses known to be associated with WannaCry totaled just under $56,000 (about 32 BTC).
That’s not very much considering the scale of the attack and the average ransom. If everyone paid up right away, rough calculations suggest there would be at least $60 million in it for the fraudsters. Given this rough estimate, the current payout for WannaCry is just over 0.09 percent of what it could have been.
While some people and organizations had data backed up, standard data recovery procedures or policies against paying ransom, those whose data was lost still haven’t paid up like one might expect. The reason, it turns out, can be attributed to the fact that bitcoin isn’t particularly easy to come by at a moment’s notice.
“A large amount of bitcoin is actually somewhat difficult to source quickly,” Alex Sunnarborg, an analyst at CoinDesk, told Bloomberg, noting that to create an account at a bitcoin exchange, connect a bank account and then receive BTC can sometimes take a few days.
Longer if there aren’t exchanges in the user’s country of origin — since that means they first have to exchange their local currency for another.