Paying the WannaCry ransom will probably get you nothing. Here's why.

The WannaCry ransomware is built with a shoddy payment process that might result in no response, according to security researchers.

Last Friday’s massive WannaCry ransomware attack means victims around the world are facing a tough question: Should they pay the ransom?

Those who do shouldn't expect a quick response -- or any response at all. Even after payment, the ransomware doesn’t automatically release your computer and decrypt your files, according to security researchers.

Instead, victims have to wait and hope WannaCry’s developers will remotely free the hostage computer over the internet. It's a process that’s entirely manual and contains a serious flaw: The hackers have no way to prove who paid off the ransom.

"The odds of getting back their files decrypted is very small," said Vikram Thakur, technical director at security firm Symantec. "It's better for [the victims] to save their money and rebuild the affected computers."

The WannaCry ransomware, also known as WanaDecryptor, broke out last Friday, infecting vulnerable Windows systems like a computer worm. More than 300,000 machines in 150 countries have been hit so far, U.S. homeland security advisor Tom Bossert said in a press briefing on Monday.

The infection strikes by encrypting all the files on the PC and then displaying a ransom note demanding US$300 or $600 in bitcoin. Victims who don’t pay will have their files erased after seven days.

Owners of these machines may be tempted to pay the ransom, but don’t count on getting your files back, said Matthew Hickey, director of security provider Hacker House.

The culprits can only restore users' systems by manually sending the decryption key to each affected computer, which will amount to a time-consuming process, he said.

“You’re really at the mercy of the human operator. Someone at the other end of the connection," Hickey said.

The other problem is that WannaCry has no mechanism to determine who paid what and which computer should be released.

Victims are merely told to send payment to one of three bitcoin wallets and then wait for a decryption key, said Maya Horowitz, threat intelligence group manager at security firm Check Point.

But unlike most ransomware, WannaCry has no process to uniquely identify which ransom payment is tied to which computer, Horowitz said. Instead, users are left with a button on the displayed ransom note that says “check payment.”

“It’ll pop up an error message that says, 'We didn’t get your payment. The best time to try again is Monday to Friday 9 am to 11 am,'” Horowitz said.

Both Hickey and Horowitz said they haven’t heard of any cases where victims successfully freed their computers by paying the ransom.

However, Mikko Hypponen, chief research officer at security vendor F-Secure, tweeted on Monday that some victims who paid did get their files back. So far, F-Secure hasn’t provided more details.

The hackers behind WannaCry have already managed to rake in more than $56,000, according to records of the three bitcoin wallets provided for payment. But the inefficiency of the payment model makes Hickey wonder whether the hackers were really after money.

“If it was done for money, it wasn’t the smartest way to get it,” he said.

For example, the hackers could have lowered the ransom price to $10, making it cheap for anyone to pay. For a malicious program that's infected more than 300,000 machines, even a low ransom could have resulted in a huge payoff.

Instead, the hackers asked for a large sum, then used a shoddy payment process that made victims wonder whether they would get what they paid for.

“It removes the incentive to send any money to the attacker,” Hickey said.

It's still unclear who created WannaCry, whether amateurs or skilled hackers. The fact that there was a "kill switch" in the ransomware, which a researcher was able to activate on Friday, stopping the attack at least temporarily, suggests the coders were sloppy.

But WannaCry does at least one thing well: it flawlessly encrypts all the files on an affected machine. Security sleuths are still studying the ransomware for ways to salvage already infected computers.

"The implementation of the encryption was pretty rock solid," said Symantec's Thakur. "There wasn't any gap to jump in and get the files decrypted."

Security experts also warn WannaCry might strike again through new, updated variants.

To prevent infection, users should install the latest patches to vulnerable Windows systems, such as Windows 8, and run antivirus products, like Windows Defender, which can detect and stop the ransomware.

Michael Kan

IDG News Service