Hardly Anyone Paying the Hackers? Because Using Bitcoin Is Hard
Deadlines for paying the ransom are beginning to pass
Only an estimated $50,000 had been paid as of early Monday
An unprecedented cyberattack swept across the globe over the weekend, but so far the majority of victims haven’t paid hackers a ransom.
After the ransomware began infecting users on Friday, they were given 72 hours to pay $300 in bitcoin -- chosen by the hackers because the crypto currency is harder to track than conventional payments -- or pay twice as much. If they refused to pay after seven days, their computer would be permanently locked -- a serious problem for those who haven’t backed up their data.
As of early Monday, only about $50,000 had been paid in ransoms, according to Elliptic Enterprises Ltd., a London-based company that tracks illicit use of bitcoin. The company calculated the total based on payments tracked to bitcoin addresses specified in the ransom demands, adding that it expects the total to rise.
"The amount is indeed low," said Michela Menting, digital security research director at ABI Research. "This is likely due to the fact that organizations have initiated their backup and recovery procedures."
Moreover, for those who didn’t save their data on a separate system, paying a ransom isn’t like buying something from Amazon by entering their credit or debit card information. Even though the hackers provided a helpful link for those new to paying in bitcoin, the crypto currency is a black box for most people.
"If you’re presented with something that says pay this amount in bitcoin, most people don’t know where to start with that," said James Smith, the CEO and co-founder of Elliptic.
There are several steps. First, a person or business has to obtain the bitcoins by registering with one of the various online exchanges and going through its verification process. After that, money can be deposited into the exchange. For those living in countries that don’t have an exchange, including the U.K., money must be converted into another currency.
Once the money is deposited on the exchange, the bitcoins can be sent to the address provided by the extortionist. "It looks like a long garbled string of text," Smith said. After the fee is paid, the hackers supposedly free the affected computer.
"A large amount of bitcoin is actually somewhat difficult to source quickly," said Alex Sunnarborg, an analyst at bitcoin research company CoinDesk, adding it might take a few days to create an account at a bitcoin brokerage or exchange, connect a bank account, and then receive the bitcoin.
