Over the course of its run, WannaCry spread to more than 150 countries and infected thousands of machines. The ransomware caused no end of chaos, but it didn’t earn the hackers much of a payday.
Those whose PCs were infected by the WannaCry ransomware were given a choice: Pay a ransom of $300 in bitcoin or lose access to your data. If the money wasn’t sent within three days, the ransom was increased to $600. Those who went a week without paying were told their files would be lost forever.
In addition to individual users, WannaCry infected the PCs of more than 300,000 organizations around the world including major European companies, the UK’s National Health Service, and even government organizations in China and Russia. However, despite all of this chaos, very few people gave in to the hackers’ demands.
According to a bot watching the Bitcoin wallets associated with WannaCry, a total of 296 payments have been made which amounts to roughly 48.9 BTC or $99,448.11.
The three bitcoin wallets tied to #WannaCry ransomware have received 296 payments totaling 48.86359565 BTC ($99,448.11 USD).
— actual ransom (@actual_ransom) May 21, 2017
For all of the chaos, all of the media attention, and the lives that were endangered as hospitals were shut down, WannaCry failed in its primary goal of making the hackers much money. Less than 0.1 percent of their victims paid for their scam and we don’t know how much the hackers themselves paid to acquire the data. It was allegedly auctioned by a group known as the Shadowbrokers, but they aren’t believed to be responsible for spreading the virus. It’s possible the hackers didn’t even recoup their investment.
As of right now, the hackers themselves have not been found. There has been some speculation that they are linked to North Korea, but those reports have not been confirmed. The Shadowbrokers specifically mentioned “Korea” as one of the nations that didn’t pay for the WannaCry software.
Regardless of their nation of origin, some have speculated that the hackers themselves are amateurs. As Craig Williams, a cybersecurity researcher for Cisco, points out, the entire operation has been a failure.
“From a ransom perspective, it’s a catastrophic failure,” says Williams. “High damage, very high publicity, very high law-enforcement visibility, and it has probably the lowest profit margin we’ve seen from any moderate or even small ransomware campaign.”
Without knowing which country the hackers are in, it’s impossible to say what kind of penalties they would face, but it is almost a guarantee that they would face decades in prison. Under U.S. law, the penalties for such crimes can be as high as 20 years imprisonment and there’s no telling how many counts the group would be charged with.