Here's a refresher on bitcoin and how it's connected to the ransomware threat.
Bitcoin is a kind of digital currency. You can buy it with dollars or euros, just like you can trade any other currency. You store it in an online “wallet.” And with that wallet, you can spend bitcoin online and in the physical world for goods and services. Even PayPal supports bitcoin.
And, of course, bitcoin has a valuation, which you may have heard about because bitcoin's price has fluctuated up and down.
What's different about bitcoin?
Usually, if you pay for something on the Internet, you use a credit or debit card. That card is connected to information about you, such as your name and billing address.
You can use bitcoin the same way, but unlike with a credit card, the transactions you make with the currency are completely anonymous. They can't be used to identify you personally. Instead, whenever you trade in bitcoin, you use a "private key" associated with your wallet to generate a bit of code — called an address — that is then publicly associated with your transaction but with no personal identifying information. In that way, every transaction is recorded and securely signed in an open ledger that anyone can read and double-check.
So you can use bitcoin to protect your privacy. Is that why the WannaCry attackers picked it as a form of payment?
Possibly. Bitcoin has certainly gained prominence in the news media as a technology that can facilitate crime. But even though the identities of people in a bitcoin transaction may be hidden, the public ledger has increasingly helped law enforcement trace the movement of bitcoins from place to place.
The Justice Department has successfully prosecuted online criminal operations that used bitcoin. In 2013, the government arrested Ross Ulbricht, the founder of a major underground drug market, and seized more than $3.5 million worth of bitcoin. Two undercover FBI agents associated with the investigation were later accused of stealing some of that currency.
Could law enforcement wind up doing something similar with WannaCry?
The government is already investigating. On Monday, White House homeland security adviser Tom Bossert told reporters that “attribution” — the process of figuring out who was responsible for the crime — is generally pretty tough in computer attacks. Often, the attackers are located beyond the reach of U.S. law enforcement or have shrouded their activities behind multiple layers of security. But, Bossert said, “I don't want to say that we have no clues.”
How much money have the attackers collected?
So far, it looks to be about $55,000, according to a bot designed by the news site Quartz that is tracking the amount of money in the attackers' wallets.
Considering that Europol, the European Union law enforcement agency, has said that more than 200,000 computers have been infected with the malware, that doesn't seem like a lot of money. Still, the value of a single bitcoin has risen steadily in recent years. Hours before WannaCry began spreading last week, the price of one bitcoin hit an all-time high of $1,830. Some analysts predict that it could break $3,000 by year's end — although the price fell by $200 after the attack was revealed.
In light of how cheaply and easily hackers can push out ransomware, winning even a handful of bitcoins and holding onto them for a while could make the cyber-thieves a large sum of money.