Ransomware attacks often use sophisticated techniques, making them relatively difficult for law enforcement to pin down compared to other online scams. But in the case of the “WannaCry” ransomware attack, which devastated the British NHS on May 12 and have since locked over 300,000 computers in more than 150 countries, security analysts are now saying that many aspects of the attack point to amateurish design.
According to cybercrime experts in law enforcement, the attackers likely used pre-built kits purchased on the dark web rather than building the software themselves. The malware used in the attack also contained an easily identified “kill switch,” meaning a URL address contained within the code that could be used to stop its spread.
Other defects involve the methods in which the hackers have demanded money from the victims. A typical ransomware attack includes an automated way for the ransomers to accept payment. But in the “WannaCry” attack, the system seems designed so that the scammers must manually send each victim a code to unlock their computer.
The other issue is that the ransomers are asking for payments in bitcoin, which are public transactions. This means that the $60,000 so far collected in the attacks is effectively sitting there untouched. Usually hackers work around this by creating geographic “safe zones” where the money can be safely laundered; but the widespread nature of these attacks seems to exclude this possibility.
Some experts have drawn a link between the attacks and North Korea, pointing out similarities to previous incursions originating in the isolated country. Whatever the case, the “WannaCry” ransomware seems as if it was designed to bully a few hundred users, not hundreds of thousands. The attackers likely had no idea how fast the malware would spread. Though the attack has succeeded in creating chaos, it seems to have failed in the purpose of collecting payment.