The security community reported two major incidents connected to the infamous WannaCry ransomware that hit computers worldwide about a month ago. The operators behind it have managed to collect the ransom sums. At the same time the expert who shut it down Marcus Hutchins was arrested by the FBI.
WannaCry Large Ransom Sums Collected by Operators
Security experts identified that the criminal operators behind the infamous WannaCry attacks finally collected the sent payments. At the onset of the infection campaign the security researchers and vendors who were trying to repel the attack and remedy the consequences found that even though that computer victims sent ransomware payments they were not collected by the hacker operators. Since then the value of the Bitcoin digital currency which was the utilized payment method grew. This is one of the probable reasons why the hackers decided to hold the collection.
The various attack campaigns used three primary Bitcoin wallet addresses which were associated with the criminals. According to the reports the withdrawn sum amounts to about 70 000 US Dollars. No information is available about who is responsible for the transactions.
Marcus Hutchins Responsible for WannaCry Shutdown Arrested by the FBI
The expert responsible for the effective WannaCry kill switch, 23-years-old Marcus Hutchins was arrested by the FBI on six charges for conspiracy. Also known as MalwareTech and several other aliases he was responsible for creating a special kill switch that was able to counter the dangerous attacks caused by the WannaCry ransomware. His arrest was only a few days after the annual DEF CON hacking conference which took place last week in Las Vegas.
Hutchins is charged with conspiracy on several cases, mainly dealing with the creation and coordination of financial crimes using the banking trojan called “Kronos”. It became famous back in 2014 when a video was posted on a popular video sharing site demonstrating the operation of the threat. Several months later Kronos was found on sale on the underground hacking markets making it possible for criminals to use it in attack campaigns.
Security researchers also note that Kronos was also being advertised on Russian hacking communities as well where the price was adjusted to 7000 US Dollars, while on other sites it can be found for 3000. The banking Trojan is described as having the ability to conceal itself from anti-virus and security solutions as well as protect itself from sandbox environments.
The Security community posted that Hutchins AKA MalwareTech used several underground aliases including: iarkey, _0xE9, MonkeyBalls and etc.
November last year a major attack campaign using the banking Trojan was able to infiltrate a large number of companies and government institutions in the fields of education, hospitality, healthcare and financial services. One of the main goals of Kronos is to withdraw credit card numbers from secure databases and relay the data to the criminal operators. As Marcus Hutchins is suspected for being the principal operator he has probably accumulated a lot of cash. The charges against Hutchins are the following:
It is still not known for certain where Hutchins is. A friend of his posted that Hutchins was booked into the Henderson Detention Center in Nevada. However soon afterwards the records were removed from the website. It suspected that he might have been taken for interrogation in the field office of the FBI in Las Vegas.
At the same time security researchers from around the world have created a Twitter profile called “Free MalwareTech” to call for his release.