Following the money is a classic technique used by law enforcement to link criminals to crimes by tracing associated financial exchanges, but that may not be easy in the case of the WannaCry attacks
The ransom paid into bitcoin wallets has been under surveillance for two-and-a-half months. The funds have now been collected, which should theoretically lead to those behind WannaCry.
More than $140,000 worth of bitcoins has been drained from bitcoin wallets associated with the WannaCry attack that affected more than 200,000 computers in 150 countries.
According to a Twitter bot set up by Quartz journalist Keith Collins, all of the bitcoin wallets linked to the attack were emptied from around 4am UK time today (3 August 2017).
The ransomware demanded between $300 and $600 to restore data encrypted by the WannaCry malware, and the total collected suggests that around 300 victims paid up.
Although standard advice from the security industry and law enforcement is not to pay ransoms because it reinforces and perpetuates the business model, many firms pay out of desperation.