Users with infected computers in Russia and South Korea are so far the two biggest ransom payers to the hackers who yesterday mounted a global ransomware attack, called “WannaCry,” according to new data from Chainalysis, a provider of software that works with banks, law enforcement agencies, and bitcoin companies to analyze the blockchain for financial crimes.
All bitcoin transactions are permanently recorded on the blockchain, and anyone can view them. Chainalysis crunches these transactions and assigns them to clusters of “entities,” which could be bitcoin exchanges, wallet providers, or bitcoin miners. The firm found the hackers, who ask for ransom to be sent to three bitcoin addresses, had received a total of nearly $23,000 so far in dollar terms, converted at the point the transaction was made.
The two entities that sent the most money to the hackers were bitcoin exchanges serving the Russian and Korean markets.
“If you look at the infection rates, a lot of it is in Russia, so [the data] is complementing that,” says Jonathan Levin, a Chainalysis co-founder. “Given that we know the infections are also in Russia, I would say, it’s Russian users.”
Analysis by information security firm Kaspersky Lab showed Russia had the most infections, although South Korea doesn’t appear among the top countries.